Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-12981

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-27 Feb, 2026 | 06:43
Updated At-27 Feb, 2026 | 18:47
Rejected At-
Credits

Listee <= 1.1.6 - Unauthenticated Privilege Escalation

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:27 Feb, 2026 | 06:43
Updated At:27 Feb, 2026 | 18:47
Rejected At:
▼CVE Numbering Authority (CNA)
Listee <= 1.1.6 - Unauthenticated Privilege Escalation

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration.

Affected Products
Vendor
dreamstechnologies
Product
Listee
Default Status
unaffected
Versions
Affected
  • From * through 1.1.6 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Ismail Syaleh
Timeline
EventDate
Disclosed2026-02-26 17:48:51
Event: Disclosed
Date: 2026-02-26 17:48:51
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/d534feae-d1b7-4544-b1c5-c23f37dd5bab?source=cve
N/A
https://themeforest.net/item/listee-classified-ads-wordpress-theme/44526956
N/A
https://themes.trac.wordpress.org/browser/listee/1.1.5/listee-core/includes/listee-core-users.php#L928
N/A
https://listee-wp.dreamstechnologies.com/documentation/changelog.html
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/d534feae-d1b7-4544-b1c5-c23f37dd5bab?source=cve
Resource: N/A
Hyperlink: https://themeforest.net/item/listee-classified-ads-wordpress-theme/44526956
Resource: N/A
Hyperlink: https://themes.trac.wordpress.org/browser/listee/1.1.5/listee-core/includes/listee-core-users.php#L928
Resource: N/A
Hyperlink: https://listee-wp.dreamstechnologies.com/documentation/changelog.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:27 Feb, 2026 | 07:17
Updated At:27 Feb, 2026 | 14:06

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-269Primarysecurity@wordfence.com
CWE ID: CWE-269
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://listee-wp.dreamstechnologies.com/documentation/changelog.htmlsecurity@wordfence.com
N/A
https://themeforest.net/item/listee-classified-ads-wordpress-theme/44526956security@wordfence.com
N/A
https://themes.trac.wordpress.org/browser/listee/1.1.5/listee-core/includes/listee-core-users.php#L928security@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/d534feae-d1b7-4544-b1c5-c23f37dd5bab?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://listee-wp.dreamstechnologies.com/documentation/changelog.html
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://themeforest.net/item/listee-classified-ads-wordpress-theme/44526956
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://themes.trac.wordpress.org/browser/listee/1.1.5/listee-core/includes/listee-core-users.php#L928
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/d534feae-d1b7-4544-b1c5-c23f37dd5bab?source=cve
Source: security@wordfence.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

258Records found
CVE-2024-9636
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 76.53%
||
7 Day CHG-0.19%
Published-15 Jan, 2025 | 09:25
Updated-15 Jan, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.

Action-Not Available
Vendor-pickplugins
Product-Post Grid and Gutenberg Blocks – ComboBlocks
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-7493
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 76.93%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 13:55
Updated-26 Sep, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.

Action-Not Available
Vendor-wpcomwhyunwpcom
Product-wpcom_memberWPCOM Memberwpcom-member
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-6359
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.4||MEDIUM
EPSS-0.27% / 50.21%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 13:08
Updated-19 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation vulnerability

Privilege escalation vulnerability identified in OpenText ArcSight Intelligence.

Action-Not Available
Vendor-Open Text Corporation
Product-arcsight_intelligenceArcSight Intelligence
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-4719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 74.61%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 01:13
Updated-06 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-15403
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.65%
||
7 Day CHG~0.00%
Published-17 Jan, 2026 | 02:22
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RegistrationMagic <= 6.0.7.1 - Privilege Escalation via admin_order

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to the 'admin_order' setting. This makes it possible for unauthenticated attackers to injecting an empty slug into the order parameter, and manipulate the plugin's menu generation logic, and when the admin menu is subsequently built, the plugin adds 'manage_options' capability for the target role. Note: The vulnerability can only be exploited unauthenticated, but further privilege escalation requires at least a subscriber user.

Action-Not Available
Vendor-Metagauss Inc.
Product-RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-4992
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.39%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Cloud Foundry
Product-cloud_foundry_uaacf-releasecloud_foundry_uaa_boshCloud Foundry
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-26369
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.02% / 4.83%
||
7 Day CHG~0.00%
Published-15 Feb, 2026 | 15:29
Updated-28 Feb, 2026 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.

Action-Not Available
Vendor-jung-groupJUNG
Product-enet_smart_homeeNet SMART HOME server
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-25133
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.1||CRITICAL
EPSS-0.31% / 53.83%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper privilege management vulnerability in CyberPower PowerPanel Business

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanelPowerPanel Business ManagementPowerPanel Business Local / Remote
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found