CVE-2025-6254: WordPress Doctreat Core Plugin Privilege Escalation (CVSS 9.8)
ID: fcdc043e-65e3-5095-86e7-6dcc8f75f06c
STIX ID: report--fcdc043e-65e3-5095-86e7-6dcc8f75f06c
Feed Name: CosmicBytez Labs
Threat Score
**Critical privilege escalation in Doctreat Core (CVE-2025-6254)** — A CVSS 9.8 vulnerability in the Doctreat Core WordPress plugin (≤1.6.8) permits unauthenticated remote attackers to register accounts with arbitrary elevated roles (including administrator), enabling full site takeover; recommended mitigations include updating the plugin when patched, disabling public registration, auditing accounts, and deploying WAF rules.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.