CRITICALCVE-2025-8572CVSS 9.8

Truelysell Core <= 1.8.7 - पंजीकरण के माध्यम से गैर-प्रमाणित विशेषाधिकार वृद्धि

Q: What is CVE-2025-8572 — Privilege Escalation in Truelysell Core?

CVE-2025-8572 is a critical vulnerability in the Truelysell Core WordPress plugin allowing unauthenticated attackers to gain administrator access due to insufficient user role validation during registration.

Q: Am I affected by CVE-2025-8572 in Truelysell Core?

Yes, if you are using Truelysell Core plugin versions 0 through 1.8.7, you are vulnerable to this privilege escalation attack.

Q: How do I fix CVE-2025-8572 in Truelysell Core?

Upgrade the Truelysell Core plugin to version 1.8.8 or later to resolve this vulnerability. If immediate upgrade is not possible, disable user registration temporarily.

Q: Is CVE-2025-8572 being actively exploited?

While no widespread exploitation has been publicly reported, the ease of exploitation suggests a high probability of future attacks. Continuous monitoring is recommended.

Q: Where can I find the official Truelysell Core advisory for CVE-2025-8572?

Refer to the Truelysell Core plugin website or WordPress plugin repository for the official security advisory and update information.

प्लेटफ़ॉर्म

wordpress

घटक

truelysell-core

में ठीक किया गया

1.8.8

AI Confidence: highNVDEPSS 0.0%समीक्षित: मई 2026

NVD पर देखें

सहेजें

आपकी भाषा में अनुवाद हो रहा है…

CVE-2025-8572 is a critical privilege escalation vulnerability affecting the Truelysell Core plugin for WordPress. Attackers can exploit this flaw to bypass authentication and gain unauthorized administrator privileges. This vulnerability impacts versions 0 through 1.8.7 of the plugin and has been resolved in version 1.8.8.

WordPress

इस CVE को अपने प्रोजेक्ट में पहचानें

अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।

मुफ्त स्कैन करें

प्रभाव और हमले की स्थितियाँअनुवाद हो रहा है…

Successful exploitation of CVE-2025-8572 allows an unauthenticated attacker to register a new user account and assign themselves an elevated role, including administrator. This grants complete control over the WordPress site, enabling the attacker to modify content, install malicious plugins, steal sensitive data (user credentials, customer information, financial data), and potentially compromise the entire server. The impact is particularly severe for WordPress sites hosting e-commerce functionality or containing sensitive user data, as the attacker can directly manipulate the database and system configurations.

शोषण संदर्भअनुवाद हो रहा है…

CVE-2025-8572 was published on 2026-02-14. Severity is currently assessed as CRITICAL (CVSS 9.8). Public proof-of-concept exploits are not yet widely available, but the ease of exploitation suggests a high likelihood of future exploitation attempts. Monitor security advisories and threat intelligence feeds for any indications of active campaigns targeting this vulnerability.

खतरा खुफिया

एक्सप्लॉइट स्थिति

प्रूफ ऑफ कॉन्सेप्टअज्ञात

CISA KEVNO

इंटरनेट एक्सपोज़रउच्च

EPSS

0.03% (10% शतमक)

CISA SSVC

शोषणnone

स्वचालनीयyes

तकनीकी प्रभावtotal

CVSS वेक्टर

इन मेट्रिक्स का क्या मतलब है?

Attack Vector: नेटवर्क — इंटरनेट के माध्यम से दूरस्थ रूप से शोषण योग्य। कोई भौतिक या स्थानीय पहुंच आवश्यक नहीं।
Attack Complexity: निम्न — कोई विशेष शर्त नहीं। विश्वसनीय रूप से शोषण योग्य।
Privileges Required: कोई नहीं — बिना प्रमाणीकरण के शोषण योग्य।
User Interaction: कोई नहीं — स्वचालित और मूक हमला। पीड़ित कुछ नहीं करता।
Scope: अपरिवर्तित — प्रभाव केवल कमज़ोर घटक तक सीमित।
Confidentiality: उच्च — पूर्ण गोपनीयता हानि। हमलावर सभी डेटा पढ़ सकता है।
Integrity: उच्च — हमलावर कोई भी डेटा लिख, बदल या हटा सकता है।
Availability: उच्च — पूर्ण क्रैश या संसाधन समाप्ति। पूर्ण सेवा से इनकार।

प्रभावित सॉफ्टवेयर

घटकtruelysell-core

विक्रेताwordfence

प्रभावित श्रेणीमें ठीक किया गया

0 – 1.8.71.8.8

कमजोरी वर्गीकरण (CWE)

CWE-269

समयरेखा

आरक्षित2025-08-04
प्रकाशित2026-02-14
संशोधित2026-04-08
EPSS अद्यतन2026-03-23

शमन और वर्कअराउंडअनुवाद हो रहा है…

The primary mitigation for CVE-2025-8572 is to immediately upgrade the Truelysell Core plugin to version 1.8.8 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling user registration on the WordPress site to prevent new account creation. While not a complete solution, implementing a Web Application Firewall (WAF) with rules to block suspicious user registration attempts can provide an additional layer of defense. Review WordPress user accounts for any unexpected administrator accounts.

कैसे ठीक करें

संस्करण 1.8.8 में अपडेट करें, या एक नया पैच किया गया संस्करण

CVE सुरक्षा न्यूज़लेटर

भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।

अक्सर पूछे जाने वाले सवालअनुवाद हो रहा है…

What is CVE-2025-8572 — Privilege Escalation in Truelysell Core?

CVE-2025-8572 is a critical vulnerability in the Truelysell Core WordPress plugin allowing unauthenticated attackers to gain administrator access due to insufficient user role validation during registration.

Am I affected by CVE-2025-8572 in Truelysell Core?

Yes, if you are using Truelysell Core plugin versions 0 through 1.8.7, you are vulnerable to this privilege escalation attack.

How do I fix CVE-2025-8572 in Truelysell Core?

Upgrade the Truelysell Core plugin to version 1.8.8 or later to resolve this vulnerability. If immediate upgrade is not possible, disable user registration temporarily.

Is CVE-2025-8572 being actively exploited?

While no widespread exploitation has been publicly reported, the ease of exploitation suggests a high probability of future attacks. Continuous monitoring is recommended.

Where can I find the official Truelysell Core advisory for CVE-2025-8572?

Refer to the Truelysell Core plugin website or WordPress plugin repository for the official security advisory and update information.

क्या आपका प्रोजेक्ट प्रभावित है?

मुफ्त स्कैन करें CVE खोजें