CVE-2026-14250
The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handlefrontendregister function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled 'role' parameter and...