CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-0177

The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.6%

CVSS Severity

CVSS v3 Score 9.8

References

https://themeforest.net/item/javo-directory-wordpress-theme/8390513#item-description__update-history
https://www.wordfence.com/threat-intel/vulnerabilities/id/7d636768-37b4-4343-9028-30e7b1f997f2?source=cve

Products affected by CVE-2025-0177

Javothemes » Javo Core » Version: Any

cpe:2.3:a:javothemes:javo_core:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-0177

Products

Pricing

Contact Us