WordPress FindAll Listing plugin <= 1.0.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Plugin FindAll Listing versions = 1.0.5...

CVE-2025-13538

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...

EUVD-2025-199802

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...

CVE-2025-13538

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...

CVE-2025-13538

CVE-2025-13538 affects the WordPress plugin FindAll Listing (&lt;= 1.0.5). The issue is an unrestricted registration parameter check in the plugin’s registration flow, allowing unauthenticated users to set the administrator role during registration. Exploitation requires that the FindAll Membersh...

CVE-2025-13538 FindAll Listing <= 1.0.5 - Unauthenticated Privilege Escalation

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...

CVE-2025-13538 FindAll Listing <= 1.0.5 - Unauthenticated Privilege Escalation

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...

WordPress plugin FindAll Listing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-48227

Name of the Vulnerable Software and Affected Versions FindAll Listing versions prior to 1.0.6 Description The FindAll Listing plugin for WordPress is susceptible to a privilege escalation issue. This occurs because the findall listing user registration additional params function does not properly...