{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12981", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-10T19:25:53.619Z", "datePublished": "2026-02-27T06:43:49.771Z", "dateUpdated": "2026-04-08T17:26:00.860Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:00.860Z"}, "affected": [{"vendor": "dreamstechnologies", "product": "Listee", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration."}], "title": "Listee <= 1.1.6 - Unauthenticated Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d534feae-d1b7-4544-b1c5-c23f37dd5bab?source=cve"}, {"url": "https://themeforest.net/item/listee-classified-ads-wordpress-theme/44526956"}, {"url": "https://themes.trac.wordpress.org/browser/listee/1.1.5/listee-core/includes/listee-core-users.php#L928"}, {"url": "https://listee-wp.dreamstechnologies.com/documentation/changelog.html"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ismail Syaleh"}], "timeline": [{"time": "2026-02-26T17:48:51.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T18:46:49.131795Z", "id": "CVE-2025-12981", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:47:00.498Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12981", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T18:46:49.131795Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:46:56.124Z"}}], "cna": {"title": "Listee <= 1.1.6 - Unauthenticated Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Ismail Syaleh"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "dreamstechnologies", "product": "Listee", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-26T17:48:51.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d534feae-d1b7-4544-b1c5-c23f37dd5bab?source=cve"}, {"url": "https://themeforest.net/item/listee-classified-ads-wordpress-theme/44526956"}, {"url": "https://themes.trac.wordpress.org/browser/listee/1.1.5/listee-core/includes/listee-core-users.php#L928"}, {"url": "https://listee-wp.dreamstechnologies.com/documentation/changelog.html"}], "descriptions": [{"lang": "en", "value": "The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:00.860Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12981", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:26:00.860Z", "dateReserved": "2025-11-10T19:25:53.619Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-27T06:43:49.771Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration."}, {"lang": "es", "value": "El tema Listee para WordPress es vulnerable a escalada de privilegios en todas las versiones hasta la 1.1.6, inclusive. Esto se debe a una comprobaci\u00f3n de validaci\u00f3n defectuosa en la funci\u00f3n de registro de usuario del plugin listee-core incluido que no logra sanear correctamente el par\u00e1metro user_role. Esto hace posible que atacantes no autenticados se registren como Administrador manipulando el par\u00e1metro user_role durante el registro."}], "id": "CVE-2025-12981", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-27T07:17:09.300", "references": [{"source": "security@wordfence.com", "url": "https://listee-wp.dreamstechnologies.com/documentation/changelog.html"}, {"source": "security@wordfence.com", "url": "https://themeforest.net/item/listee-classified-ads-wordpress-theme/44526956"}, {"source": "security@wordfence.com", "url": "https://themes.trac.wordpress.org/browser/listee/1.1.5/listee-core/includes/listee-core-users.php#L928"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d534feae-d1b7-4544-b1c5-c23f37dd5bab?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.6]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Listee", "source": "cna", "vendor": "dreamstechnologies"}, "product": "listee", "vendor": "dreamstechnologies"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-21T15:50:39.097130+00:00", "value": {"mitigation_remediation": ["Contact Dreamstechnologies or review the theme\u2019s release notes to determine whether an official patch that correctly validates the user_role parameter has been released.", "If no patch is available, remove or hide the user_role field from the registration form so that users cannot select elevated roles.", "Force all new registrations to be assigned the default \"Subscriber\" role by adding a custom snippet or using a role\u2011management plugin, ensuring that elevated roles cannot be granted during account creation."], "summary": {"action": "Apply Workaround", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The issue applies to every release of the Listee WordPress theme published up to and including version 1.1.6. Sites running those versions are exposed regardless of other security settings, as the vulnerable registration code is shipped with the theme by Dreamstechnologies.", "description_and_impact": "A flaw in Listee\u2019s bundled core plugin allows anyone who registers a new account to specify the user_role parameter without proper sanitization. This flaw lets an unauthenticated attacker create an Administrator account and gain full control over the WordPress site, including the ability to modify content, install plugins, or exfiltrate data. The vulnerability is identified as CWE\u2011269, Improper Restriction of Operations within the Bounds of a User.", "risk_and_exploitability": "The base score of 9.8 indicates a critical flaw. The EPSS score of less than 1\u202f% denotes a low probability of exploitation in the wild, and the vulnerability is not listed in CISA\u2019s KEV catalog. Attackers can exploit the flaw by sending a crafted registration request to the public registration endpoint with the user_role set to Administrator; no prior authentication or special network permissions are required."}}}}, "created": "2026-02-27T16:06:07.831864+00:00", "updated": "2026-04-21T16:00:13.269909+00:00", "vendors": ["dreamstechnologies", "dreamstechnologies$PRODUCT$listee", "wordpress", "wordpress$PRODUCT$wordpress"]}