CVE-2025-13618
🟠 Patch this week
The Mentoring plugin for WordPress allows privilege escalation to an administrator account.
CVSS: 9.8
EPSS: 0.1%
Exploit: none
Vendor
Source description (NVD)
The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.
privilege-escalation
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.1% |
| Published (NVD) | 2026-05-05 03:15:58 UTC |
| Last modified (NVD) | 2026-05-05 19:09:32 UTC |
References
- https://mentoring-wp.dreamsmarketplace.com/documentation/changelog.html (security@wordfence.com)
- https://themeforest.net/item/mentoring-education-wordpress-theme/36457081 (security@wordfence.com)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7192fb4c-0434-4e11-a2a7-c205b8d6b68e?source=cve (security@wordfence.com)