Platform: wordpress
Component: tiger
Fixed in: 101.2.2
CVE-2025-13680 describes a Privilege Escalation vulnerability discovered in the Tiger WordPress theme. This flaw allows authenticated attackers, even those with limited Subscriber-level access, to elevate their privileges to administrator, granting them full control over the WordPress site. The vulnerability impacts versions from 0.0.0 up to and including 101.2.1, and a patch is expected to be released by the theme developer.
Successful exploitation of CVE-2025-13680 grants an attacker complete administrative control over the affected WordPress website. This includes the ability to modify content, install malicious plugins, create new user accounts with elevated privileges, and potentially access sensitive data stored within the WordPress database. The attacker could deface the website, steal user credentials, inject malware, or use the compromised site as a launchpad for further attacks against other systems on the network. The impact is particularly severe because the vulnerability requires only authenticated access, making it accessible to a wide range of potential attackers.
This vulnerability was publicly disclosed on 2025-11-27. There are currently no known public exploits or active campaigns targeting CVE-2025-13680. The vulnerability's ease of exploitation, combined with the widespread use of WordPress, suggests it could become a target for opportunistic attackers. Monitor security advisories and threat intelligence feeds for updates.
Websites using the Tiger WordPress theme, particularly those with a large number of Subscriber-level users or those with weak password policies, are at increased risk. Shared hosting environments where multiple websites share the same server resources are also vulnerable if one site is running an unpatched version of the theme.
• wordpress / composer / npm:
# single quotes stop the shell from expanding $user; -F matches the string literally
grep -rnF '$user->set_role(' /var/www/html/wp-content/themes/tiger/
• wordpress / composer / npm:
wp plugin list --status=active | grep tiger
• wordpress / composer / npm:
wp theme list --status=active | grep tiger
EPSS: 0.06% (18th percentile)
The primary mitigation for CVE-2025-13680 is to immediately upgrade the Tiger WordPress theme to a patched version as soon as it becomes available. Until a patch is released, consider temporarily disabling the Tiger theme or restricting access to the WordPress admin panel to trusted users only. While a direct workaround is unavailable, implementing a robust WordPress security plugin with role-based access controls can help limit the potential damage if the vulnerability is exploited. Regularly review user roles and permissions to ensure they are appropriately configured.
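An added example, not from the theme developer or the original advisory: a shell helper that reads the installed theme's style.css version header, classifies it against the affected range (up to and including 101.2.1), and lists administrator logins that are missing from an allowlist. The function names, the allowlist file and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2025-13680 (not vendor code).
LAST_AFFECTED="101.2.1"   # last affected version, taken from the advisory text

# Print the Version: field from a theme's style.css header (empty if absent).
theme_version() {
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Succeed when dotted version $1 <= $2 (numeric, component by component).
version_le() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Classify one installed copy of the theme: affected, patched or unknown.
tiger_status() {
  v=$(theme_version "$1")
  if [ -z "$v" ]; then echo "unknown"
  elif version_le "$v" "$LAST_AFFECTED"; then echo "affected"
  else echo "patched"
  fi
}

# Read administrator logins on stdin; print those not listed in allowlist file $1.
unexpected_admins() {
  grep -vxF -f "$1" || true
}

# Constructed sample data (hypothetical logins) so the script runs offline.
demo_dir=$(mktemp -d)
printf '/*\nTheme Name: Tiger\nVersion: 101.2.1\n*/\n' > "$demo_dir/style.css"
printf 'siteowner\n' > "$demo_dir/allow.txt"
echo "theme: $(tiger_status "$demo_dir/style.css")"
printf 'siteowner\nnewsub42\n' | unexpected_admins "$demo_dir/allow.txt"
```

On a live site, point `tiger_status` at `/var/www/html/wp-content/themes/tiger/style.css` and pipe `wp user list --role=administrator --field=user_login` into `unexpected_admins`.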
No known patch available. Please review the vulnerability's details in depth and apply mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-13680 is a vulnerability allowing authenticated users to escalate privileges to administrator in the Tiger WordPress theme, potentially granting full control over the website.
You are affected if your WordPress site uses the Tiger theme and is running a version prior to the patch release. Check your theme version and upgrade as soon as a patch is available.
Upgrade the Tiger WordPress theme to the latest version as soon as a patch is released by the theme developer. Until then, restrict user roles and implement WAF rules.
As of the publication date, there is no confirmed active exploitation of CVE-2025-13680, but it's crucial to apply the patch promptly to prevent potential attacks.
Refer to the Tiger WordPress theme developer's website or WordPress.org plugin repository for the official advisory and patch release information.