GHSA-cx49-m9xj-cc6rCriticalCVSS 9.8

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up...

Published
June 10, 2026
Last Modified
June 10, 2026

🔗 CVE IDs covered (1)

📋 Description

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers to register as an administrator user.

🔗 References (4)