CYBERHAWK / CVE / CVE-2025-6254

CVE-2025-6254

CRITICAL CVSS 9.8 other

The flaw

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can registe

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2025-6254

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits