← voltar
CVE-2025-8572

Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration

CVSS 9.8 CRITICALEPSS 0.4%CWE-269
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 fev 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevated privileges, including administrator access.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
dreamstechnologies · Truelysell Core

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://themeforest.net/item/truelysell-service-booking-wordpress-theme/43398124https://www.wordfence.com/threat-intel/vulnerabilities/id/b027c9f9-3144-4783-b646-ee1e02cd27ef?source=cve