WordPress Truelysell Core plugin <= 1.8.7 - Unauthenticated Privilege Escalation via Registration vulnerability

Unauthenticated Privilege Escalation via Registration vulnerability discovered by Alyudin Nafiie in WordPress Plugin Truelysell Core versions = 1.8.7...

CVE-2025-8572

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...

CVE-2025-8572

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...

CVE-2025-8572 Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...

CVE-2025-8572

The CVE concerns the Truelysell Core plugin for WordPress. Versions

CVE-2025-8572

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...

CVE-2025-8572 Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...

PT-2026-8095

Name of the Vulnerable Software and Affected Versions Truelysell Core plugin for WordPress versions prior to 1.8.7 Description The Truelysell Core plugin for WordPress is subject to a privilege escalation issue. Insufficient validation of the user role parameter during user registration allows...

WordPress plugin Truelysell Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-10742

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVE-2025-10742

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

EUVD-2025-34722

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVE-2025-10742 Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVE-2025-10742 Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVE-2025-10742

CVE-2025-10742 affects Truelysell Core (WordPress) up to version 1.8.6. The vulnerability allows unauthenticated attackers to change user passwords due to user-controlled access to objects, potentially taking over administrator accounts. Exploitation is possible without authentication only if the...

WordPress Truelysell Core plugin <= 1.8.6 - Unauthenticated Arbitrary User Password Change vulnerability

Unauthenticated Arbitrary User Password Change vulnerability discovered by István Márton in WordPress Plugin Truelysell Core versions = 1.8.6...

WordPress plugin Truelysell Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...