Primary

Context

Truelysell Core WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Truelysell Core plugin for WordPress, affecting versions through 1.8.7. The issue arises from inadequate validation of the user_role parameter during user registration, allowing unauthenticated attackers to create accounts with elevated privileges, including administrative rights.

Impact

Exploitation of this vulnerability allows unauthenticated users to gain administrative privileges on the WordPress site.

Remediation

Users are advised to update the Truelysell Core plugin to version 1.8.8 or a newer patched version.

Added: Feb 14, 2026, 9:19 AM

Updated: Feb 14, 2026, 9:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

2.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

2.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Truelysell Core WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating