CVE-2025-13680

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user-setrole function. This makes it possible for authenticated attackers, with Subscriber-level access...

CVE-2025-13675

CVE-2025-13675 affects the Tiger WordPress Theme (pre-101.2.2; WordPress Tiger 101.2.1 and earlier). The root cause is in paypal-submit.php, which does not restrict registration roles, allowing unauthenticated attackers to set administrator during signup. Impact is unauthenticated privilege escal...

CVE-2025-31027 WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0...

CVE-2025-31407 WordPress Tiger theme <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0...

CVE-2025-31407

CVE-2025-31407 affects the Tiger software (up to version 2.0). The connected data indicates an authenticated (Subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Tiger, caused by improper input neutralization during web page generation. The CVSS v3.1 base metrics are: Score 6.5 (Mediu...