CVE-2025-13851
Buyent · Buyent Classified WordPress Plugin
The Buyent Classified plugin for WordPress allows unauthenticated attackers to register as administrators due to a lack of role validation during REST API registration.
Executive summary
A critical privilege escalation vulnerability in the Buyent Classified WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges, gaining full site control.
Vulnerability
The plugin's REST API registration endpoint does not validate or restrict the role assigned to a newly created account: the value of the _buyent_classified_user_type request parameter is used to set the new user's role. Because the endpoint is reachable without authentication, an attacker who supplies 'administrator' as the user type is registered with full administrator privileges.
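The pattern described above, written out as an added illustration rather than the plugin's own code: a hypothetical REST registration callback in which the client-supplied user type becomes the WordPress role verbatim, next to a hardened version that maps the user type through a fixed allow-list. The route name, callback names, the 'buyer'/'seller' user types and their mapping to the subscriber role are assumptions; only the parameter name _buyent_classified_user_type comes from the advisory.

```php
<?php
// Added example, not code from the Buyent Classified plugin. Route, function
// names and the buyer/seller types are assumptions made for illustration.

// --- Vulnerable pattern: whatever the request sends as the user type is used
// as the WordPress role. wp_insert_user() calls WP_User::set_role() with it,
// and set_role() does not check the role against an allow-list, so a request
// carrying _buyent_classified_user_type=administrator creates an administrator.
function buyent_demo_register_vulnerable( WP_REST_Request $request ) {
    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( $request['username'] ),
        'user_email' => sanitize_email( $request['email'] ),
        'user_pass'  => $request['password'],
        'role'       => $request['_buyent_classified_user_type'], // attacker-controlled
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    return rest_ensure_response( array( 'id' => $user_id ) );
}

// --- Hardened pattern: the classified "user type" is application data, not a
// capability. It is looked up in a fixed map, and the role that results is
// always low-privilege; unknown types are rejected with a 400.
function buyent_demo_allowed_user_types() {
    return array(
        'buyer'  => 'subscriber',
        'seller' => 'subscriber', // or a custom low-privilege role created with add_role()
    );
}

function buyent_demo_register_hardened( WP_REST_Request $request ) {
    // Honour the core "Anyone can register" setting; a plugin endpoint that
    // calls wp_insert_user() directly bypasses it unless it checks explicitly.
    if ( ! get_option( 'users_can_register' ) ) {
        return new WP_Error( 'registration_closed', 'Registration is disabled.', array( 'status' => 403 ) );
    }

    $type = sanitize_key( (string) $request['_buyent_classified_user_type'] );
    $map  = buyent_demo_allowed_user_types();
    if ( ! isset( $map[ $type ] ) ) {
        return new WP_Error( 'invalid_user_type', 'Unknown user type.', array( 'status' => 400 ) );
    }

    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( $request['username'] ),
        'user_email' => sanitize_email( $request['email'] ),
        'user_pass'  => $request['password'],
        'role'       => $map[ $type ], // server-chosen, never the raw request value
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }

    // Keep the classified-specific type as plain user meta, separate from roles.
    update_user_meta( $user_id, '_buyent_classified_user_type', $type );
    return rest_ensure_response( array( 'id' => $user_id ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'buyent-demo/v1', '/register', array(
        'methods'             => 'POST',
        'callback'            => 'buyent_demo_register_hardened',
        // Public by design: registration has no caller to authenticate. The
        // protection is that the role is fixed server-side, plus schema validation
        // that rejects any user type outside the enum before the callback runs.
        'permission_callback' => '__return_true',
        'args'                => array(
            'username' => array( 'required' => true, 'type' => 'string' ),
            'email'    => array( 'required' => true, 'type' => 'string', 'format' => 'email' ),
            'password' => array( 'required' => true, 'type' => 'string' ),
            '_buyent_classified_user_type' => array(
                'required' => true,
                'type'     => 'string',
                'enum'     => array( 'buyer', 'seller' ),
            ),
        ),
    ) );
} );
```

The two defences are deliberately redundant: the `enum` in the route schema rejects unexpected values at the REST layer, and the allow-list map inside the callback guarantees that even a bypass of schema validation can never turn a request parameter into a role name.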
Business impact
This flaw provides a direct path to total site takeover. An attacker who registers an administrator account can modify content, read or export user data, and install backdoors or other malicious plugins and themes, all through the normal admin interface. The CVSS score of 9.8 reflects the worst case for a web application: privilege escalation to the highest role with no authentication and no user interaction required.
Remediation
Immediate Action: Update the Buyent Classified plugin to the latest patched version, which closes the registration loophole.
Proactive Monitoring: Review the WordPress user list for accounts holding the 'administrator' role (or any other privileged role) that were registered while the vulnerable version was installed and were not explicitly authorized. Check the roles stored in user metadata rather than relying on the display name or email, since an attacker chooses both.
Compensating Controls: Until the update is applied, block the plugin's registration endpoint at the web server or WAF, or deactivate the plugin if REST-based registration is not a core business requirement. Do not rely on the core "Anyone can register" setting alone: a plugin endpoint that creates users directly is not necessarily gated by it.
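The user-list review above, as an added example that is not part of the advisory or the plugin: a short PHP audit script that lists every account whose capabilities metadata grants the administrator role and that was registered on or after a chosen cut-off date. It is meant to be run with WP-CLI (`wp eval-file audit-admins.php`) on the affected site; the cut-off date is an assumption and should be set to the earliest date the vulnerable plugin version could have been present.

```php
<?php
// Added example, not part of the advisory. Intended for `wp eval-file`.
// The cut-off date below is an assumption; set it to when the vulnerable
// plugin version was installed.

/**
 * Return administrator accounts registered on or after $since.
 *
 * WordPress stores a user's roles in usermeta under {blog_prefix}capabilities
 * as a serialized array, e.g. a:1:{s:13:"administrator";b:1;}. Matching on the
 * serialized string is coarse but also catches multi-role users and entries
 * written directly to the database, which a display-name review would miss.
 */
function buyent_demo_list_recent_admins( $since = '2025-01-01 00:00:00' ) {
    global $wpdb;

    $cap_key = $wpdb->get_blog_prefix() . 'capabilities';
    $sql     = $wpdb->prepare(
        "SELECT u.ID, u.user_login, u.user_email, u.user_registered
           FROM {$wpdb->users} u
           JOIN {$wpdb->usermeta} m ON m.user_id = u.ID
          WHERE m.meta_key = %s
            AND m.meta_value LIKE %s
            AND u.user_registered >= %s
          ORDER BY u.user_registered DESC",
        $cap_key,
        '%' . $wpdb->esc_like( 'administrator' ) . '%',
        $since
    );

    return $wpdb->get_results( $sql );
}

/** Print the audit result, one account per line, with the decoded role list. */
function buyent_demo_print_admin_audit( $since = '2025-01-01 00:00:00' ) {
    global $wpdb;

    $rows = buyent_demo_list_recent_admins( $since );
    if ( empty( $rows ) ) {
        echo "No administrator accounts registered since {$since}.\n";
        return;
    }

    echo "Administrator accounts registered since {$since}:\n";
    foreach ( $rows as $r ) {
        $caps  = get_user_meta( $r->ID, $wpdb->get_blog_prefix() . 'capabilities', true );
        $roles = array_keys( array_filter( (array) $caps ) );
        printf(
            "%-6d %-20s %-30s %s  roles=%s\n",
            $r->ID,
            $r->user_login,
            $r->user_email,
            $r->user_registered,
            implode( ',', $roles )
        );
    }
}

if ( defined( 'WP_CLI' ) && WP_CLI ) {
    buyent_demo_print_admin_audit();
}
```

Treat any hit that nobody on the team recognises as a confirmed compromise rather than a false positive. Note also that an attacker who already holds an administrator account can edit the users table, so on a site where one is found, compare the output against a database backup taken before the vulnerable version was installed rather than trusting the live database alone.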
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability effectively removes the authentication boundary of the WordPress site: anyone who can reach the REST API can become an administrator. Administrators must update the plugin immediately and audit their user database for unauthorized administrative accounts created during the vulnerable period. If any are found, treat the site as compromised: remove the accounts, rotate all administrator passwords and the authentication salts in wp-config.php, and review installed plugins, themes and scheduled tasks for anything the attacker may have left behind.