PT-2026-22305 · WordPress · Listee-Core Plugin+1
Ismail Syaleh
·
Published
2026-02-27
·
Updated
2026-03-19
·
CVE-2025-12981
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Listee theme for WordPress versions prior to 1.1.7
Description
The Listee theme for WordPress is affected by a privilege escalation issue. A broken validation check in the bundled listee-core plugin’s user registration function does not properly sanitize the
user role parameter. This allows unauthenticated attackers to register as Administrator by manipulating the user role parameter during registration.Recommendations
Update the Listee theme to version 1.1.7 or later.
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Listee Theme
Listee-Core Plugin