CVE-2025-6254
CRITICAL NVDCVSS Score
9.8
Severity
CRITICAL
Source
NVD
Published
Jun 10, 2026
Description
The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers to register as an administrator user.