Platform: wordpress
Component: truelysell-core
Fixed in: 1.8.8
CVE-2025-8572 is a critical privilege escalation vulnerability affecting the Truelysell Core plugin for WordPress. Attackers can exploit this flaw to bypass authentication and gain unauthorized administrator privileges. This vulnerability impacts versions 0 through 1.8.7 of the plugin and has been resolved in version 1.8.8.
The impact of CVE-2025-8572 is severe. Successful exploitation allows an attacker to create a new user account with elevated privileges, effectively bypassing standard WordPress access controls. This grants the attacker complete control over the WordPress site, including the ability to modify content, install malicious plugins, access sensitive data, and potentially compromise the entire server. The lack of authentication required for exploitation significantly broadens the attack surface, making the vulnerability particularly dangerous. A malicious actor could leverage this to deface the website, steal user data (including credentials), or use the compromised site as a launchpad for further attacks against internal systems.
CVE-2025-8572 was publicly disclosed on 2026-02-14. While no public proof-of-concept (PoC) code has been released at the time of writing, the ease of exploitation makes it likely that PoCs will emerge. The vulnerability's critical severity and ease of exploitation suggest a medium probability of exploitation, particularly given the widespread use of WordPress and its plugins. It is not currently listed on the CISA KEV catalog.
Exploit status:
EPSS: 0.03% (10th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-8572 is to immediately upgrade the Truelysell Core plugin to version 1.8.8 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider temporarily disabling user registration on the WordPress site to prevent new account creation. While not a complete solution, this can reduce the immediate risk. Review existing user accounts for any suspicious activity and consider implementing stricter password policies. Monitor WordPress access logs for unusual login attempts or account creation patterns.
Update to version 1.8.8 or a newer patched version
CVE-2025-8572 is a critical vulnerability in the Truelysell Core WordPress plugin allowing unauthenticated attackers to gain administrator access due to insufficient user role validation during registration.
Yes, if you are using Truelysell Core plugin versions 0 through 1.8.7, you are vulnerable to this privilege escalation attack.
Upgrade the Truelysell Core plugin to version 1.8.8 or later to resolve this vulnerability. If immediate upgrade is not possible, disable user registration temporarily.
While no widespread exploitation has been publicly reported, the ease of exploitation suggests a high probability of future attacks. Continuous monitoring is recommended.
Refer to the Truelysell Core plugin website or WordPress plugin repository for the official security advisory and update information.
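The two controls the advisory describes, an update-independent guard against a registration path that accepts a caller-supplied role, and logging of account-creation and promotion patterns, can be enforced at the WordPress level while the plugin update is being tested. The following must-use plugin is an added example written for this page; it is not code from Truelysell Core or from the plugin's authors, and it assumes nothing about how the plugin itself handles registration. The file name, the `ROLE_GUARD_CLOSE_REGISTRATION` constant and the log line format are choices made here; all hooks (`user_register`, `set_user_role`, `pre_option_users_can_register`), the `promote_users` capability and the `default_role` option are standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: Registration Role Guard (added example, not part of Truelysell Core)
 * Install: copy to wp-content/mu-plugins/role-guard.php (hypothetical file name).
 *
 * Defensive controls, independent of any particular plugin:
 *  1. An account created through self-registration is forced back to the site's
 *     configured default role. Only a logged-in user who may promote users
 *     (e.g. an administrator adding staff in wp-admin) keeps a non-default role.
 *  2. Every promotion to 'administrator' is written to the PHP error log with the
 *     acting user and client IP, so unexpected account creation is visible.
 *  3. Optionally closes registration entirely, the stopgap the advisory suggests.
 */

if (!defined('ABSPATH')) {
    exit;
}

/*
 * Control 3: set ROLE_GUARD_CLOSE_REGISTRATION to true in wp-config.php to
 * short-circuit the users_can_register option to 0 (registration form closed).
 */
if (defined('ROLE_GUARD_CLOSE_REGISTRATION') && ROLE_GUARD_CLOSE_REGISTRATION) {
    add_filter('pre_option_users_can_register', '__return_zero');
}

/*
 * Control 1: runs right after wp_insert_user() stores the account. Late priority
 * so it executes after most plugin handlers on the same hook. Caveat: code that
 * changes the role in a later request (e.g. a separate wp_update_user() call)
 * is caught by the audit hook below, not by this reset.
 */
add_action('user_register', function (int $user_id): void {
    // Privileged operators creating accounts deliberately may assign roles.
    if (is_user_logged_in() && current_user_can('promote_users')) {
        return;
    }

    $user = get_userdata($user_id);
    if (!$user) {
        return;
    }

    $default_role = get_option('default_role', 'subscriber');
    $roles        = (array) $user->roles;

    // Self-registration must never yield anything but the default role.
    if ($roles !== [$default_role]) {
        $user->set_role($default_role);
        error_log(sprintf(
            'role-guard: user %d self-registered with roles [%s]; reset to %s (ip=%s)',
            $user_id,
            implode(',', $roles),
            $default_role,
            $_SERVER['REMOTE_ADDR'] ?? 'unknown'
        ));
    }
}, PHP_INT_MAX, 1);

/*
 * Control 2: audit trail for any change that grants administrator, whichever
 * code path performed it. get_current_user_id() is 0 for unauthenticated requests,
 * which is exactly the pattern to alert on.
 */
add_action('set_user_role', function (int $user_id, string $role, array $old_roles): void {
    if ($role !== 'administrator') {
        return;
    }
    error_log(sprintf(
        'role-guard: user %d promoted to administrator from [%s] by user %d (ip=%s)',
        $user_id,
        implode(',', $old_roles),
        get_current_user_id(),
        $_SERVER['REMOTE_ADDR'] ?? 'unknown'
    ));
}, 10, 3);
```

A must-use plugin loads before regular plugins and cannot be deactivated from the dashboard, which is why it is used here rather than a normal plugin. The error-log lines give the "account creation patterns" from the mitigation section a concrete shape: a `promoted to administrator ... by user 0` entry means the promotion happened in a request with no authenticated user and warrants immediate review.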