PT-2026-48395 · WordPress · Doctreat Core

Friderika Baranyai · Published 2026-06-10 · Updated 2026-06-10 · CVE-2025-6254

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Doctreat Core plugin for WordPress versions prior to 1.6.9

Description

The plugin is subject to privilege escalation because the doctreat_process_registration() function does not properly restrict the roles assigned during user registration. This allows unauthenticated attackers to register an account with administrator privileges.

Recommendations

Update the plugin to a version later than 1.6.8. As a temporary workaround, restrict access to the registration functionality until the update is applied.
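
Because exploitation of this flaw leaves an administrator account behind, one check to run alongside the update is to list administrators created since a cutoff date and compare them with the accounts you expect. The script below is an added example, not part of the original advisory or the plugin: it filters the CSV produced by WP-CLI's `wp user list`, and the cutoff date, the list of known administrators and the sample rows are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag administrator accounts registered on or after a cutoff
# date that are not on a list of known-good logins.
# On a live site the input comes from WP-CLI:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv

# Constructed sample input (not real data), in the same column order.
sample_csv() {
cat <<'EOF'
ID,user_login,user_email,user_registered
1,siteadmin,admin@example.test,2023-02-11 09:14:03
7,clinic-ops,ops@example.test,2024-11-30 16:45:10
42,drsmith01,x9k2@example.test,2026-05-28 03:12:44
43,clinic-new,new@example.test,2026-06-01 10:00:00
EOF
}

# recent_admins CUTOFF "KNOWN LOGINS"
#   CUTOFF: YYYY-MM-DD (user_registered is stored in UTC)
#   KNOWN LOGINS: space-separated logins you have verified as legitimate
# Reads the CSV on stdin, prints the rows that need review.
# Assumes logins and e-mail addresses contain no commas.
recent_admins() {
    awk -F, -v cutoff="$1" -v known="$2" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        NR == 1 { next }              # skip the CSV header row
        { gsub(/\r/, "") }            # tolerate CRLF line endings
        # Force string comparison: timestamps sort correctly as text.
        ($4 "") >= (cutoff "") && !($2 in ok) {
            print $1 "," $2 "," $3 "," $4
        }
    '
}

# Demonstration on the constructed sample; the cutoff here is arbitrary.
sample_csv | recent_admins "2026-01-01" "siteadmin clinic-ops clinic-new"
```

Set the cutoff to the date the vulnerable plugin version was first active on the site; any row printed is an administrator that nobody has vouched for.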

Fix

LPE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2025-6254

Affected Products

Doctreat Core