4 matches found
CVE-2025-8572
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...
CVE-2025-8572
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...
CVE-2025-8572
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the userrole parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevate...
CVE-2025-10742
The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...