CVE-2025-6254

CRITICAL WAF: Low

CVSS 9.8 Published: 2026-06-10

CWE-269

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers to register as an administrator user.

WAF Coverage Analysis

Improper Privilege Management Low WAF Coverage

OWASP: A01:2021 Broken Access Control

References

themeforest.net
www.wordfence.com

Back to CVE Database