Foxyyy (Friderika Baranyai)

1 exploit Active since Jun 2026
CVE-2025-6254 GITHUB CRITICAL python WORKING POC
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers to register as an administrator user.
CVSS 9.8