{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13680", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-25T18:52:49.036Z", "datePublished": "2025-11-27T04:36:44.903Z", "dateUpdated": "2026-04-08T16:57:32.709Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:32.709Z"}, "affected": [{"vendor": "DirectoryThemes", "product": "Tiger", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "101.2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->set_role() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "title": "Tiger <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/645f60ad-c8e5-47ec-94f1-960de4ef7838?source=cve"}, {"url": "https://themeforest.net/item/tiger-social-network-theme-for-companies-professionals/16203995"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2025-11-25T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-11-26T16:19:02.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-28T14:40:18.831760Z", "id": "CVE-2025-13680", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-28T19:33:06.518Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13680", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-28T14:40:18.831760Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-28T14:40:19.585Z"}}], "cna": {"title": "Tiger <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "DirectoryThemes", "product": "Tiger", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "101.2.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-25T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2025-11-26T16:19:02.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/645f60ad-c8e5-47ec-94f1-960de4ef7838?source=cve"}, {"url": "https://themeforest.net/item/tiger-social-network-theme-for-companies-professionals/16203995"}], "descriptions": [{"lang": "en", "value": "The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->set_role() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-11-27T04:36:44.903Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13680", "state": "PUBLISHED", "dateUpdated": "2025-11-28T19:33:06.518Z", "dateReserved": "2025-11-25T18:52:49.036Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-27T04:36:44.903Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->set_role() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "id": "CVE-2025-13680", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-27T05:16:15.253", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/tiger-social-network-theme-for-companies-professionals/16203995"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/645f60ad-c8e5-47ec-94f1-960de4ef7838?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T17:56:16.491219+00:00", "value": {"mitigation_remediation": ["Upgrade Tiger theme to a version higher than 101.2.1", "If an update is not possible, disable or remove the theme until the issue is resolved", "Review and enforce least privilege for all user accounts and monitor for unauthorized role changes"], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All installations of the Tiger WordPress theme with version 101.2.1 or earlier are affected. The theme, provided by DirectoryThemes, is used on WordPress sites that rely on this social network theme.", "description_and_impact": "The vulnerability in the Tiger theme for WordPress allows authenticated users with Subscriber-level privileges or higher to elevate their account to an administrator. This is caused by the theme's plugin permitting role updates via the $user->set_role() function. The resulting exploit grants full administrative rights, enabling the attacker to modify site content, install malicious plugins, and access sensitive data, thereby compromising confidentiality, integrity, and availability of the WordPress installation.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity for privilege escalation. The EPSS score of less than 1% suggests exploitation is currently rare, and the vulnerability is not listed in CISA KEV. The attack vector requires an authenticated user, so an attacker must have at least Subscriber access and exploit the $user->set_role() function exposed by the theme. Once executed, the attacker can gain administrator rights and control over the site."}}}}, "created": "2025-11-27T16:26:02.157127+00:00", "updated": "2026-04-21T18:00:11.736572+00:00", "vendors": ["directorythemes", "directorythemes$PRODUCT$tiger", "wordpress", "wordpress$PRODUCT$wordpress"]}