2 matches found
CVE-2025-12981
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...
CVE-2021-37394
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration...