Tiger

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

AI Analysis

Unauthenticated Privilege Escalation vulnerability due to unrestricted user role registration

Basic Information

ID CVE-2025-13675

Source Wordfence

Published Nov 27, 2025 at 04:36

Affected Product

Vendor DirectoryThemes

Product Tiger

Version *

Affected Versions DirectoryThemes Tiger *

CWE Classification

CWE-269

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor DirectoryThemes

Product Tiger

Version 101.2.1

References

{
    "lastseen": "",
    "description": "The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.",
    "published": "2025-11-27T04:36:44.081Z",
    "modified": "2025-11-27T04:36:44.081Z",
    "type": "cve",
    "title": "Tiger <= 101.2.1 - Unauthenticated Privilege Escalation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4750b57e-7d8d-49d7-bbbf-46483eb97bd9?source=cve\nhttps://themeforest.net/item/tiger-social-network-theme-for-companies-professionals/16203995",
    "id": "CVE-2025-13675",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "DirectoryThemes Tiger *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tiger",
    "version": "*",
    "vendor": "DirectoryThemes",
    "ai_description": "Unauthenticated Privilege Escalation vulnerability due to unrestricted user role registration",
    "ai_severity": "Critical",
    "ai_vendor": "DirectoryThemes",
    "ai_product": "Tiger",
    "ai_version": "101.2.1",
    "ai_score": 9.8
}

Tiger <= 101.2.1 - Unauthenticated Privilege Escalation_CVE-2025-13675