Security Advisory

CVE-2025-12981

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-27 06:43:49

Last updated 2026-04-08 17:26:00

Assigner Wordfence

State PUBLISHED

Description

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugins user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration.

← Browse all CVEs View on cve.org ↗