An unauthenticated privilege escalation vulnerability in the Doctreat Core plugin for WordPress allows attackers to gain full administrative access to the platform.

The vulnerability exists in the doctreat_process_registration() function, which fails to adequately restrict user roles during the registration process. This allows an unauthenticated attacker to inject registration requests that result in the creation of an account with administrator privileges.

With a CVSS score of 9.8, this flaw is critical. Administrative access allows an attacker to take complete control of the WordPress site, modify content, install malicious plugins, and compromise sensitive user data. This poses an extreme risk of site defacement, malware distribution, and total data breach.

Immediate Action: Update the Doctreat Core plugin to the latest version immediately to ensure the registration process correctly validates user roles.

Proactive Monitoring: Audit the WordPress user database for suspicious accounts with administrator privileges created recently and review registration logs for anomalous activity.

Compensating Controls: Use a Web Application Firewall (WAF) to block suspicious registration requests that deviate from standard user patterns.

Public Exploit Available: True

This vulnerability is highly dangerous due to the ease of exploitation and the level of access granted. Organizations running the Doctreat Core plugin must prioritize this update as a critical security task to prevent total site takeover.