PT-2025-10426 · WordPress · Javo Core

Tonn · Published 2025-03-08 · Updated 2025-03-13 · CVE-2025-0177

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Javo Core versions up to, and including, 3.0.0.080

Description

The Javo Core plugin for WordPress is vulnerable to privilege escalation because it allows users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.

Recommendations

If you run a version up to, and including, 3.0.0.080, update to a version later than 3.0.0.080 to resolve the issue. As a temporary workaround, consider disabling the account registration feature or restricting the role assignment capability to prevent unauthenticated attackers from gaining elevated privileges.
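
One way to apply the "restrict role assignment" workaround until the update is installed, as an added example that is not taken from the advisory or from Javo Core's code. It assumes nothing about the plugin's registration handler and relies only on WordPress core hooks; the function name, constant and allowed-role list are hypothetical.

```php
<?php
/**
 * Plugin Name: Registration Role Guard (added example, hypothetical name)
 * Install as a must-use plugin, e.g. wp-content/mu-plugins/registration-role-guard.php.
 */

// Assumption: an account created or changed without an authorised actor may only
// hold these roles. Extend the list if the site legitimately self-assigns others.
const EXAMPLE_SELF_SERVICE_ROLES = array( 'subscriber' );

function example_guard_role( $user_id ) {
	static $reverting = false;
	if ( $reverting ) {
		return; // Our own set_role() call below re-fires set_user_role.
	}
	// Role changes from WP-CLI, or by a logged-in user allowed to promote users, are legitimate.
	if ( ( defined( 'WP_CLI' ) && WP_CLI ) || current_user_can( 'promote_users' ) ) {
		return;
	}
	$user = get_userdata( $user_id );
	if ( ! $user ) {
		return;
	}
	$unexpected = array_diff( $user->roles, EXAMPLE_SELF_SERVICE_ROLES );
	if ( empty( $unexpected ) ) {
		return;
	}
	// Leave a trace for incident review before reverting.
	error_log( sprintf(
		'[role-guard] user %d received role(s) "%s" with no authorised actor; resetting',
		$user_id,
		implode( ',', $unexpected )
	) );
	$reverting = true;
	$user->set_role( EXAMPLE_SELF_SERVICE_ROLES[0] ); // set_role() replaces all existing roles.
	$reverting = false;
}

// Cover roles set during account creation and roles set or added afterwards in the same request.
add_action( 'user_register', 'example_guard_role', PHP_INT_MAX );
add_action( 'set_user_role', 'example_guard_role', PHP_INT_MAX );
add_action( 'add_user_role', 'example_guard_role', PHP_INT_MAX );
```

Entries written by the `error_log()` call are also a useful signal when reviewing whether registration was abused before the guard was installed.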

Fix

LPE

Improper Privilege Management


Weakness Enumeration

Related Identifiers

CVE-2025-0177

Affected Products

Javo Core