CVE-2025-11895 | Binary MLM Plan Plugin up to 3.0 on WordPress Shortcode /bmp-account-detail/ bmp_user_payout_detail_of_current_user ID resource injection

October 17, 2025 Yanac

A vulnerability was found in Binary MLM Plan Plugin up to 3.0 on WordPress. It has been rated as critical. This impacts the function bmp_user_payout_detail_of_current_user of the file /bmp-account-detail/ of the component Shortcode Handler. This manipulation of the argument ID causes improper control of resource identifiers.

The identification of this vulnerability is CVE-2025-11895. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More