PT-2025-48231 · WordPress · Wordpress Tiger Theme

István Márton · Published 2025-11-27 · Updated 2025-11-27 · CVE-2025-13680

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WordPress Tiger theme versions prior to 101.2.2

Description

The Tiger theme for WordPress allows privilege escalation due to a flaw in the set_role() function. Authenticated attackers with Subscriber-level access or higher can elevate their privileges to administrator level. The vulnerable component is the $user->set_role() function, which allows modification of a user's role.

Recommendations

Update the WordPress Tiger theme to version 101.2.2 or later.

Fix

LPE

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2025-13680

Affected Products

Wordpress Tiger Theme