CVE-2025-8572

CRITICAL WAF: Low

CVSS 9.8 Published: 2026-02-14

CWE-269

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevated privileges, including administrator access.

WAF Coverage Analysis

Improper Privilege Management Low WAF Coverage

OWASP: A01:2021 Broken Access Control

References

themeforest.net
www.wordfence.com

Back to CVE Database