Truelysell Core

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevated privileges, including administrator access.

AI Analysis

Unauthenticated privilege escalation vulnerability due to insufficient validation of the user_role parameter during user registration

Basic Information

ID CVE-2025-8572

Source Wordfence

Published Feb 14, 2026 at 08:26

Affected Product

Vendor dreamstechnologies

Product Truelysell Core

Version *

Affected Versions dreamstechnologies Truelysell Core *

CWE Classification

CWE-269

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor dreamstechnologies

Product Truelysell Core

Version <= 1.8.7

References

{
    "lastseen": "",
    "description": "The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevated privileges, including administrator access.",
    "published": "2026-02-14T08:26:47.464Z",
    "modified": "2026-02-14T08:26:47.464Z",
    "type": "cve",
    "title": "Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b027c9f9-3144-4783-b646-ee1e02cd27ef?source=cve\nhttps://themeforest.net/item/truelysell-service-booking-wordpress-theme/43398124",
    "id": "CVE-2025-8572",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "dreamstechnologies Truelysell Core *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Truelysell Core",
    "version": "*",
    "vendor": "dreamstechnologies",
    "ai_description": "Unauthenticated privilege escalation vulnerability due to insufficient validation of the user_role parameter during user registration",
    "ai_severity": "Critical",
    "ai_vendor": "dreamstechnologies",
    "ai_product": "Truelysell Core",
    "ai_version": "<= 1.8.7",
    "ai_score": 9.8
}

Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration_CVE-2025-8572