Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical2
High0
Medium0
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2026-02-18

CVE-2025-8572 - Truelysell Core Plugin

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevated privileges, including administrator access.

PLUGIN Truelysell Core

CVE-2025-8572

CRITICAL CVSS 9.8 2026-02-14
Open Full Technical Breakdown
Threat Entry Updated 2025-10-16

CVE-2025-10742 - Truelysell Core Plugin

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note: This can only be exploited unauthenticated if the attacker knows which page contains the 'truelysell_edit_staff' shortcode.

PLUGIN Truelysell Core

CVE-2025-10742

CRITICAL CVSS 9.8 2025-10-16
Open Full Technical Breakdown
Scroll to top