CVE-2025-13675

The Tiger theme for WordPress

Executive summary

A critical privilege escalation vulnerability exists in the Tiger theme for WordPress, allowing unauthenticated attackers to create an administrator account on an affected website. This flaw stems from an insecure user registration process that fails to validate user roles, permitting an attacker to gain complete control over the site. Successful exploitation could lead to website defacement, data theft, or further attacks originating from the compromised server.

Vulnerability

The vulnerability exists within the paypal-submit.php file of the Tiger theme. This file handles user registration but fails to properly sanitize or restrict the user role that can be assigned during account creation. An unauthenticated attacker can submit a registration request and include a parameter specifying the 'administrator' role. Because the backend script does not validate this input against a list of permissible, low-privilege roles (e.g., 'subscriber'), the system processes the request and creates a new user with full administrative privileges.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the ease of exploitation and the maximum potential impact. An attacker gaining administrative access can completely compromise the website, leading to severe business consequences. These include theft of sensitive customer data, financial information, or intellectual property; website defacement causing significant reputational damage; and using the compromised website to host malware or launch phishing attacks against customers. The organization could face regulatory fines, legal liability, and a total loss of trust from its user base.

Remediation

Immediate Action: Update the Tiger theme for WordPress to the latest version available from the vendor, which addresses this vulnerability. After patching, conduct a thorough audit of all user accounts, especially those with administrator privileges, to identify and remove any unauthorized accounts created by exploiting this flaw.

Proactive Monitoring: Monitor web server access logs for any POST requests to the /wp-content/themes/TheTiger/paypal-submit.php file. Specifically, search for requests containing payloads such as role=administrator or similar attempts to manipulate user roles. Implement alerts for the creation of new administrator-level accounts to quickly detect potential compromises.
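The following script is an added example of the log review described above; it is not part of this advisory or of the theme. It parses access-log lines in the common "combined" format, flags every POST to the paypal-submit.php path, and raises the finding to high when a role=administrator indicator is visible in the query string. The four log lines are constructed sample data, and the log format and field names are assumptions. One caveat the script is built around: a standard access log records only the request line, not the POST body, so a role parameter sent in the body is invisible there. That is why every POST to the file is reported, and why a body-level indicator can only be confirmed from WAF logs or from a server configured to log request bodies.

```python
"""Flag access-log entries matching the paypal-submit.php indicators.

Added example for this advisory; the log lines below are constructed,
not captured traffic, and the combined-log layout is an assumption.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines (Apache/nginx "combined" format). Not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Nov/2025:10:01:02 +0000] "GET /wp-content/themes/TheTiger/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Nov/2025:10:02:15 +0000] "POST /wp-content/themes/TheTiger/paypal-submit.php HTTP/1.1" 200 128 "-" "curl/8.4.0"
203.0.113.12 - - [12/Nov/2025:10:03:40 +0000] "POST /wp-content/themes/TheTiger/paypal-submit.php?role=administrator HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.13 - - [12/Nov/2025:10:04:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Path named in the advisory's monitoring guidance.
TARGET_PATH = "/wp-content/themes/TheTiger/paypal-submit.php"

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return None (ignore), 'suspicious' (any POST to the file) or 'high'
    (POST whose query string carries role=administrator).

    POST bodies are not present in an access log, so a role parameter sent
    in the body cannot be seen here; every POST to the path is reported.
    """
    if entry["method"] != "POST":
        return None
    parts = urlsplit(entry["target"])
    if unquote(parts.path) != TARGET_PATH:
        return None
    roles = [r.strip().lower() for r in parse_qs(parts.query).get("role", [])]
    return "high" if "administrator" in roles else "suspicious"


def scan(log_text):
    """Scan a block of log text and return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # unparseable line; a real deployment would count these
        level = classify(entry)
        if level is not None:
            findings.append({
                "level": level,
                "ip": entry["ip"],
                "ts": entry["ts"],
                "status": entry["status"],
                "target": entry["target"],
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['level']:10}] {f['ts']} {f['ip']} -> {f['target']} ({f['status']})")
```

Running it against the sample yields two findings: the bare POST from 203.0.113.11 as suspicious and the POST from 203.0.113.12 as high. In practice, feed it the live log with `scan(open(path).read())` and treat a high finding, or any POST to the path from a site that never uses the theme's registration flow, as a trigger for the user-account audit described under Immediate Action.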

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) rule to block any requests to paypal-submit.php that contain the string 'administrator' in the request body. Alternatively, if the registration functionality of this file is not required, disable access to it entirely using web server configuration rules (e.g., .htaccess on Apache).

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical CVSS score of 9.8 and the fact that this vulnerability allows for a complete, unauthenticated takeover of the website, immediate remediation is strongly recommended. Organizations must prioritize the deployment of the vendor-supplied patch across all websites using the affected Tiger theme. Although this CVE is not currently listed on the CISA KEV catalog, its severity and ease of exploitation make it a prime target for opportunistic attackers, warranting urgent attention.