CVE-2025-13851

CRITICAL

Buyent Classified Plugin 1.0.7 - Privilege Escalation

Title source: llm

Description

The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role during registration via the REST API endpoint. This makes it possible for unauthenticated attackers to register accounts with arbitrary roles, including administrator, by manipulating the _buyent_classified_user_type parameter during the registration process, granting them complete control over the WordPress site.

References (2)

[Various Sources] https://themeforest.net/item/buyent-classified-wordpress-theme/32588790

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/f3e618cf-dd77-45a7-ab57-5732fd329883?source=cve

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 28.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

scriptsbundle/Buyent < 1.0.7

Published Feb 19, 2026

Tracked Since Feb 19, 2026