- Description
- The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers to register as an administrator user.
- Source
- security@wordfence.com
- NVD status
- Deferred
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-269
- Hype score
- Not currently trending
https://t.co/3ROLHgWo0S CVE-2025-6254 doctreat_core (CVSS Score 9.8) #WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge
@atomicedgeWAF
11 Jun 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6254 The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registrati⦠https://t.co/ZpMK9RuZ01
@CVEnew
10 Jun 2026
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π¨ CVE-2025-6254 β CVSS 9.8/10 ββββββββββ The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including,... Severity: CRITICAL Patch now. #cybersecurity #CVE https://t.co/2t7zeCmLKd
@OrizonCyber
10 Jun 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes