A vulnerability categorized as problematic has been discovered in WP-Members Membership Plugin up to 3.5.4.4 on WordPress. Affected is an unknown function of the file wp-content/uploads/wpmembers/user_files/. The manipulation results in improper access controls.
This vulnerability is known as CVE-2025-12648. It is possible to launch the attack remotely. No exploit is available.
