CVE-2021-47932
WordPress · TheCartPress
An unauthenticated privilege escalation vulnerability in TheCartPress WordPress plugin allows attackers to create new administrative accounts via the AJAX handler.
Executive summary
An unauthenticated privilege escalation vulnerability in the WordPress TheCartPress plugin allows attackers to gain full administrative control by submitting a crafted registration request to the plugin's AJAX handler that assigns the new account the administrator role.
Vulnerability
The plugin's tcp_register_and_login_ajax AJAX action is reachable without authentication through WordPress's admin-ajax.php and takes the role of the newly registered user from the tcp_role request parameter without validating it against the roles a self-registering visitor may receive. An unauthenticated attacker can therefore send a crafted POST request to the handler with tcp_role set to "administrator" and obtain an illicit account with full administrator privileges.
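The pattern behind this class of bug, and the corresponding fix, as an added illustrative example; this is not TheCartPress's actual source. The function names, the nonce action tcp_register, the field names user_login, user_email, user_pass and tcp_nonce, and the hook name wp_ajax_nopriv_tcp_register_and_login_ajax (WordPress's convention for an unauthenticated AJAX action) are assumptions based on the action name in the advisory.

```php
<?php
// Added illustrative example, not TheCartPress's actual source. The vulnerable
// handler shows the pattern the advisory describes (an AJAX action reachable
// without authentication that trusts a client-supplied role); the hardened
// handler shows the fix. Function names, the nonce action 'tcp_register', the
// field names user_login/user_email/user_pass/tcp_nonce and the hook name
// wp_ajax_nopriv_tcp_register_and_login_ajax are assumptions.

// --- Vulnerable pattern (shown for contrast; deliberately not hooked) -------
function tcp_register_and_login_ajax_vulnerable() {
    $login = sanitize_user(wp_unslash($_POST['user_login'] ?? ''));
    $email = sanitize_email(wp_unslash($_POST['user_email'] ?? ''));
    $pass  = wp_unslash($_POST['user_pass'] ?? '');

    // The role is taken verbatim from the request body, so a client can send
    // tcp_role=administrator and wp_insert_user() will honour it.
    $role = wp_unslash($_POST['tcp_role'] ?? get_option('default_role'));

    $user_id = wp_insert_user([
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => $pass,
        'role'       => $role,
    ]);
    if (is_wp_error($user_id)) {
        wp_send_json_error($user_id->get_error_message());
    }
    wp_set_auth_cookie($user_id);          // the "and_login" half of the action
    wp_send_json_success(['user_id' => $user_id]);
}
// add_action('wp_ajax_nopriv_tcp_register_and_login_ajax', 'tcp_register_and_login_ajax_vulnerable');

// --- Hardened pattern -------------------------------------------------------
// 1. Verify a nonce so the request comes from the plugin's own form. For
//    logged-out visitors a WordPress nonce is not a secret, so this blocks
//    blind cross-site requests, not a determined attacker; the role check
//    below is the actual fix.
// 2. Honour the site's "anyone can register" setting.
// 3. Never take the role from the client. Resolve it server-side from the
//    site's default role and check that against an allow-list of
//    unprivileged roles, so a misconfigured default role cannot grant
//    administrator either.
function tcp_register_and_login_ajax_hardened() {
    check_ajax_referer('tcp_register', 'tcp_nonce');

    if (!get_option('users_can_register')) {
        wp_send_json_error('Registration is disabled on this site.', 403);
    }

    $login = sanitize_user(wp_unslash($_POST['user_login'] ?? ''));
    $email = sanitize_email(wp_unslash($_POST['user_email'] ?? ''));
    $pass  = wp_unslash($_POST['user_pass'] ?? '');

    $allowed_roles = ['subscriber', 'customer'];   // roles a self-registering visitor may get
    $role = get_option('default_role', 'subscriber');
    if (!in_array($role, $allowed_roles, true)) {
        $role = 'subscriber';
    }
    // $_POST['tcp_role'] is deliberately ignored. If the product needs a
    // client-selectable role, validate it with in_array($value, $allowed_roles, true)
    // and never let $allowed_roles include a privileged role such as 'administrator'.

    $user_id = wp_insert_user([
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => $pass,
        'role'       => $role,
    ]);
    if (is_wp_error($user_id)) {
        wp_send_json_error($user_id->get_error_message(), 400);
    }
    wp_set_auth_cookie($user_id);
    wp_send_json_success(['user_id' => $user_id]);
}
add_action('wp_ajax_nopriv_tcp_register_and_login_ajax', 'tcp_register_and_login_ajax_hardened');
```

The point of the hardened version is that the role never depends on anything the client sends: it is derived from server-side configuration and then still checked against an allow-list, so neither a crafted tcp_role value nor a misconfigured default_role option can yield an administrator account.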
Business impact
With a CVSS base score of 9.8 (critical), this flaw allows immediate and total takeover of the WordPress installation by anyone who can reach admin-ajax.php. An attacker with administrative access can modify site content, install malicious plugins or backdoors, or access sensitive customer data, leading to severe business and privacy impacts.
Remediation
Immediate Action: Update TheCartPress to the latest version. If a patch is unavailable, deactivate or remove the plugin until a secure version is released.
Proactive Monitoring: Review the site's user list for any administrator accounts created recently that you did not create, and check web server and application logs for anomalous requests to admin-ajax.php that invoke the tcp_register_and_login_ajax action.
Compensating Controls: Restrict access to admin-ajax.php using server-level configuration or a WAF to prevent unauthorized registrations. Because many plugins and themes use admin-ajax.php for legitimate front-end functionality, blocking the file wholesale will usually break the site; scope the rule to requests that carry the tcp_register_and_login_ajax action (or a tcp_role parameter) rather than to the file as a whole.
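The monitoring and compensating-control steps above, implemented as a WordPress must-use plugin; this is an added example and is not part of the advisory or of TheCartPress. It assumes the plugin registers the action under WordPress's standard hook names wp_ajax_nopriv_tcp_register_and_login_ajax and wp_ajax_tcp_register_and_login_ajax at the default priority; the plugin file name, function names and the WP-CLI command name are also assumptions.

```php
<?php
/**
 * Plugin Name: TheCartPress privilege-escalation stopgap
 *
 * Added example (not part of the advisory or of TheCartPress). Drop this file
 * into wp-content/mu-plugins/ to get two of the controls from the remediation
 * section in code rather than at the web server:
 *   1. a compensating control that refuses the tcp_register_and_login_ajax
 *      action before the plugin's own callback runs;
 *   2. an audit helper that lists administrator accounts registered recently.
 * The hook names follow WordPress's convention for AJAX actions and are an
 * assumption based on the action name in the advisory.
 */

// 1. Compensating control. Priority -1000 runs before the plugin's callback
//    (registered at the default priority of 10), and wp_die() ends the request,
//    so the vulnerable code is never reached. The authenticated variant is
//    hooked too, in case the plugin also exposes the action to logged-in users.
//    Any front-end registration that relies on this action is blocked as well,
//    which is the intended effect until a patched version is installed.
foreach (['wp_ajax_nopriv_tcp_register_and_login_ajax', 'wp_ajax_tcp_register_and_login_ajax'] as $hook) {
    add_action($hook, function () {
        $role = isset($_POST['tcp_role']) ? sanitize_key(wp_unslash($_POST['tcp_role'])) : '';
        error_log(sprintf(
            'Blocked tcp_register_and_login_ajax from %s (tcp_role=%s, logged_in=%s)',
            $_SERVER['REMOTE_ADDR'] ?? 'unknown',
            $role,
            is_user_logged_in() ? 'yes' : 'no'
        ));
        wp_die('Registration via this endpoint is disabled.', 'Forbidden', ['response' => 403]);
    }, -1000);
}

// 2. Audit helper: administrator accounts whose registration date falls within
//    the last $days days. user_registered is stored in UTC, so it is parsed as such.
function tcp_stopgap_recent_admins(int $days = 30): array {
    $since = time() - $days * DAY_IN_SECONDS;
    $found = [];
    foreach (get_users(['role' => 'administrator']) as $user) {
        $registered = strtotime($user->user_registered . ' UTC');
        if ($registered !== false && $registered >= $since) {
            $found[] = [
                'ID'         => $user->ID,
                'login'      => $user->user_login,
                'email'      => $user->user_email,
                'registered' => $user->user_registered,
            ];
        }
    }
    return $found;
}

// Expose the audit as a WP-CLI command when WP-CLI is present:
//   wp tcp-stopgap recent-admins --days=30
if (defined('WP_CLI') && WP_CLI) {
    WP_CLI::add_command('tcp-stopgap recent-admins', function ($args, $assoc_args) {
        $days = (int) ($assoc_args['days'] ?? 30);
        $rows = tcp_stopgap_recent_admins($days);
        if (!$rows) {
            WP_CLI::success("No administrator accounts registered in the last {$days} days.");
            return;
        }
        WP_CLI\Utils\format_items('table', $rows, ['ID', 'login', 'email', 'registered']);
        WP_CLI::warning(count($rows) . ' administrator account(s) to review.');
    });
}
```

Must-use plugins load before regular plugins, which is why the block hooks the action at a very early priority rather than trying to remove the plugin's callback: add_action at priority -1000 takes effect no matter when TheCartPress registers its own handler. Treat any account the audit reports that you did not create as evidence of compromise, not merely as something to delete.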
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Privilege escalation vulnerabilities are critical and must be remediated immediately. Administrators should audit all existing administrator accounts to confirm that none were created through this vector; if an unauthorized administrator account is found, treat the site as fully compromised, since that account could have installed plugins, altered code or exfiltrated data, and rotate all credentials and keys accordingly.