CVE Catalog

CVE-2025-6254

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 1.6.8. The doctreat_process_registration() function does not properly restrict the roles that a user can register with.

Risk Assessment

Unauthenticated attackers can register as an administrator user, posing a serious security threat to the system.

Recommendation

It is recommended to update the Doctreat Core plugin to the latest version to mitigate this vulnerability and restrict user registration to trusted sources.

Original NVD description (English source)

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers to register as an administrator user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS