Listee WordPress Theme Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability exists in the Listee WordPress theme, affecting all versions through 1.1.6. The issue arises from flawed validation in the user registration function of the bundled listee-core plugin, which does not adequately sanitize the user_role parameter. As a result, unauthenticated attackers can register as Administrators by manipulating the user_role parameter during the registration process.
Impact
Exploitation of this vulnerability allows unauthenticated users to gain Administrator privileges on the WordPress site.
Remediation
Users can update to version 1.1.7 or a newer patched version to address this vulnerability.
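For sites that cannot update right away, a must-use plugin can revert privileged roles that are assigned without an authenticated administrator. The following is an added example, not code from Listee, listee-core, or the 1.1.7 patch; the example_* function names are hypothetical, and it assumes self-registered accounts should only ever receive the site's default role.

```php
<?php
/**
 * Added example, not Listee or listee-core code. Drop in wp-content/mu-plugins/.
 * Assumption: an unauthenticated request may only ever yield the default role.
 * All example_* names are hypothetical.
 */

// Roles a visitor may receive through self-registration.
function example_self_registration_roles() {
    return array( get_option( 'default_role', 'subscriber' ) );
}

// Runs on every role assignment; reverts privileged roles granted without
// an authenticated user who is allowed to promote accounts.
function example_guard_role_assignment( $user_id, $role ) {
    if ( '' === (string) $role || in_array( $role, example_self_registration_roles(), true ) ) {
        return; // Role removal or an allowed role: nothing to do.
    }
    if ( wp_installing() || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
        return; // Site installation or an operator on the command line.
    }
    if ( is_user_logged_in() && current_user_can( 'promote_users' ) ) {
        return; // Legitimate change made from wp-admin.
    }

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }
    // set_role() replaces every role; the allowed role passes the check above,
    // so the nested hook call returns immediately.
    $user->set_role( get_option( 'default_role', 'subscriber' ) );

    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        'role-guard: reverted role "%s" on user %d (request from %s)',
        sanitize_key( $role ),
        (int) $user_id,
        $ip
    ) );
}

// set_user_role fires from WP_User::set_role(), add_user_role from add_role().
add_action( 'set_user_role', 'example_guard_role_assignment', 10, 2 );
add_action( 'add_user_role', 'example_guard_role_assignment', 10, 2 );
```

Sites where other plugins legitimately assign roles on unauthenticated requests (for example from a payment webhook) need those roles added to the allowlist. The guard does not remove Administrator accounts created before it was installed, so existing administrators should still be reviewed.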
