Critical (9.8)

Wordpress Privilege Escalation (CVE-2025-13851)

CVE-2025-13851

The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugi...

Affected: WordPress

Overview

A critical security vulnerability has been identified in the Buyent Classified plugin for WordPress (also bundled with the Buyent theme). This flaw allows any unauthenticated attacker to create a new user account with full administrator privileges, granting them complete control over the affected WordPress website.

Vulnerability Details

In all versions up to and including 1.0.7, the plugin’s user registration function does not properly verify the user role being assigned during sign-up. The plugin exposes a REST API endpoint that accepts a _buyent_classified_user_type parameter. Because this parameter is not validated, an attacker can manipulate it during the registration process to specify any role on the site, including an administrator. This bypasses all intended security checks, effectively letting anyone register as a site admin.
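The following PHP is an added, illustrative example of the registration pattern the advisory describes and of its hardened form; it is not the Buyent plugin's own code. The REST namespace and route, the callback name and the buyer/seller role mapping are assumptions; only the `_buyent_classified_user_type` parameter name comes from the advisory. The fix has two layers: the REST argument schema rejects any value outside a fixed enum before the callback runs, and the callback maps the accepted value onto a server-side allow-list of low-privilege roles, so raw request input never reaches `set_role()`.

```php
<?php
// Added illustrative example, not the Buyent plugin's code. Namespace, route,
// callback name and the buyer/seller mapping are assumptions; only the
// `_buyent_classified_user_type` parameter name comes from the advisory.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-classified/v1', '/register', array( // hypothetical route
        'methods'             => 'POST',
        'permission_callback' => '__return_true', // public sign-up endpoint by design
        'callback'            => 'example_classified_register_user',
        'args'                => array(
            // First layer: the REST schema rejects anything outside the enum
            // before the callback runs, so 'administrator' never reaches set_role().
            '_buyent_classified_user_type' => array(
                'required' => true,
                'type'     => 'string',
                'enum'     => array( 'buyer', 'seller' ),
            ),
            'username' => array( 'required' => true, 'type' => 'string' ),
            'email'    => array( 'required' => true, 'type' => 'string', 'format' => 'email' ),
            'password' => array( 'required' => true, 'type' => 'string' ),
        ),
    ) );
} );

// The vulnerable shape the advisory describes is a callback that lets the
// request choose the role directly:
//   $user->set_role( $request['_buyent_classified_user_type'] );
// Below, the request can only select a key into a fixed, low-privilege mapping.
function example_classified_register_user( WP_REST_Request $request ) {
    if ( ! get_option( 'users_can_register' ) ) {
        return new WP_Error( 'registration_closed', 'Registration is disabled.', array( 'status' => 403 ) );
    }

    // Second layer: server-side allow-list; both public user types map to non-privileged roles.
    $role_map = array( 'buyer' => 'subscriber', 'seller' => 'contributor' ); // hypothetical mapping
    $type     = sanitize_key( (string) $request->get_param( '_buyent_classified_user_type' ) );
    if ( ! isset( $role_map[ $type ] ) ) {
        return new WP_Error( 'invalid_user_type', 'Unknown user type.', array( 'status' => 400 ) );
    }

    $user_id = wp_create_user(
        sanitize_user( (string) $request->get_param( 'username' ), true ),
        (string) $request->get_param( 'password' ),
        sanitize_email( (string) $request->get_param( 'email' ) )
    );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }

    // set_role() replaces the site's default role with the allow-listed one;
    // it never sees the raw parameter value.
    $user = new WP_User( $user_id );
    $user->set_role( $role_map[ $type ] );

    return rest_ensure_response( array( 'id' => $user_id, 'role' => $role_map[ $type ] ) );
}
```

Keeping the allow-list in code rather than deriving it from configurable options means that even a later settings change cannot widen the set of roles a self-registered user can obtain; anything outside the enum is rejected with a 400 before any user row is written.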

Potential Impact

The impact of this vulnerability is severe. A successful exploit gives an attacker the same level of access as the website’s owner. They can:

  • Deface the website or inject malicious content.
  • Steal sensitive user data.
  • Install backdoors or other malware.
  • Compromise the web server further.
  • Delete or alter critical site information.

Given that the attack requires no prior authentication or user interaction, it is highly exploitable and poses an immediate risk to any site using the vulnerable plugin.

Remediation and Mitigation

Immediate action is required to secure affected websites.

Primary Solution: Update Immediately

The most effective remediation is to update the Buyent Classified plugin to a patched version immediately. Contact the plugin/theme developer to confirm the availability of a version later than 1.0.7 and apply the update without delay.

Immediate Mitigation Steps

If an update is not yet available, take these steps:

  1. Disable the Plugin: Deactivate and completely remove the Buyent Classified plugin if it is not absolutely essential for site functionality.
  2. Check for Compromise: Review your WordPress user list for any recently created, suspicious administrator accounts (especially those with unfamiliar email addresses) and remove them. Audit site files and database for unauthorized changes.
  3. Restrict Access: Consider temporarily restricting user registration if it is not a core requirement for your site.
  4. Theme Users: If you use the Buyent theme, verify whether it bundles this plugin and follow the same steps. Consider switching to a different theme if necessary.
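For the "Check for Compromise" step above, the following PHP is an added audit helper, not part of the plugin or theme. It lists every administrator account and flags those registered within a recent window or whose e-mail domain is not one the site expects, which are the two indicators the step names. The seven-day window and the `example.org` domain list are assumptions to adjust per site; run it inside WordPress with `wp eval-file audit-admins.php` or from a mu-plugin.

```php
<?php
// Added audit helper, not part of the Buyent plugin or theme.
// Run inside WordPress, e.g. `wp eval-file audit-admins.php`.
// The window and the expected e-mail domains are assumptions; adjust per site.

function example_audit_recent_admins( $window = '7 days ago', $expected_domains = array( 'example.org' ) ) {
    // Every user holding the administrator role, newest registration first.
    $admins = get_users( array(
        'role'    => 'administrator',
        'orderby' => 'registered',
        'order'   => 'DESC',
    ) );

    $cutoff   = gmdate( 'Y-m-d H:i:s', strtotime( $window ) ); // user_registered is stored in GMT
    $findings = array();
    foreach ( $admins as $user ) {
        $at         = strrchr( $user->user_email, '@' );
        $domain     = $at ? strtolower( substr( $at, 1 ) ) : '';
        $is_recent  = $user->user_registered >= $cutoff;
        $is_unknown = ! in_array( $domain, $expected_domains, true );
        if ( $is_recent || $is_unknown ) {
            $reasons = array();
            if ( $is_recent ) {
                $reasons[] = 'registered-recently';
            }
            if ( $is_unknown ) {
                $reasons[] = 'unexpected-email-domain';
            }
            $findings[] = array(
                'ID'         => $user->ID,
                'login'      => $user->user_login,
                'email'      => $user->user_email,
                'registered' => $user->user_registered,
                'reason'     => implode( ',', $reasons ),
            );
        }
    }
    return $findings;
}

// One tab-separated line per flagged administrator; an empty result is the expected state.
foreach ( example_audit_recent_admins() as $f ) {
    printf( "%d\t%s\t%s\t%s\t%s\n", $f['ID'], $f['login'], $f['email'], $f['registered'], $f['reason'] );
}
```

Treat the output as a starting list for review rather than a verdict: confirm each flagged account with whoever administers the site before removing it, and compare the `registered` timestamps against web-server logs for requests to the plugin's registration endpoint in the same period. A quick equivalent without a script is `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered`, which produces the same columns for manual inspection.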

General Best Practice

Always ensure your WordPress core, all plugins, and themes are kept up to date from official sources to mitigate the risk of known vulnerabilities.
