
CVE-2025-8572: CWE-269 Improper Privilege Management in dreamstechnologies Truelysell Core

Severity: Critical
Tags: Vulnerability, CVE-2025-8572, CWE-269
Published: Sat Feb 14 2026 (02/14/2026, 08:26:47 UTC)
Source: CVE Database V5
Vendor/Project: dreamstechnologies
Product: Truelysell Core

Description

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than or equal to 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevated privileges, including administrator access.

AI-Powered Analysis

Last updated: 02/14/2026, 08:48:50 UTC

Technical Analysis

CVE-2025-8572 is a critical security vulnerability identified in the Truelysell Core plugin for WordPress, affecting all versions up to and including 1.8.7. The root cause is improper privilege management (CWE-269), specifically insufficient validation of the user_role parameter during the user registration process. This flaw enables unauthenticated attackers to manipulate the user_role parameter to assign themselves elevated privileges, including administrator rights, without any authentication or user interaction. The vulnerability has a CVSS 3.1 base score of 9.8, reflecting its critical severity with a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is comprehensive, affecting confidentiality, integrity, and availability (C:H/I:H/A:H), meaning attackers can fully control the affected WordPress site, potentially leading to data breaches, site defacement, or service disruption. Although no known exploits have been observed in the wild yet, the vulnerability's characteristics make it highly exploitable. The plugin is commonly used in WordPress environments, often in e-commerce or marketplace contexts, increasing the attractiveness of targets. The CVE identifier was reserved in August 2025 and the advisory was published in February 2026, indicating recent discovery and disclosure. No official patches or updates are currently linked, emphasizing the urgency for vendors and users to address this issue promptly.

Potential Impact

For European organizations, the impact of CVE-2025-8572 is significant. Exploitation allows attackers to gain administrative control over WordPress sites running the vulnerable Truelysell Core plugin, which can lead to full compromise of website content, user data, and backend systems. This can result in data breaches involving personal and financial information, reputational damage, and operational disruptions, especially for e-commerce platforms or marketplaces relying on this plugin. The ability to escalate privileges without authentication means attackers can bypass all access controls, making traditional perimeter defenses ineffective. Additionally, compromised sites can be used to distribute malware, conduct phishing campaigns, or serve as launchpads for further attacks within corporate networks. Given the widespread use of WordPress across Europe, particularly in small to medium enterprises and digital services, the threat surface is broad. Regulatory implications under GDPR are also critical, as data breaches could lead to substantial fines and legal consequences. The absence of known exploits in the wild currently provides a window for proactive mitigation but also suggests that attackers may soon develop weaponized exploits due to the vulnerability's simplicity and severity.

Mitigation Recommendations

1. Immediate action should be taken to update the Truelysell Core plugin to a patched version once released by the vendor. Until then, consider disabling the plugin or removing it entirely if feasible.
2. Restrict user registration on WordPress sites to trusted users only, or disable public registration to prevent unauthorized account creation.
3. Implement strict server-side validation of user_role and other critical parameters to ensure they cannot be manipulated during registration or profile updates.
4. Monitor logs and user account creation activities for unusual patterns, such as new administrator accounts created without proper authorization.
5. Employ Web Application Firewalls (WAFs) with custom rules to detect and block attempts to exploit this vulnerability by filtering suspicious user_role parameter values.
6. Conduct regular security audits and penetration testing focused on privilege escalation vectors within WordPress environments.
7. Educate site administrators about the risks of installing unverified plugins and the importance of timely updates.
8. Consider isolating WordPress instances in segmented network zones to limit lateral movement if compromise occurs.
9. Backup website data frequently and verify restoration procedures to minimize downtime and data loss in case of an incident.
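The following is an added illustration of the weakness class described in the Technical Analysis and of mitigation recommendations 3 and 4; it is not Truelysell Core's code, and the function names, hook name, form field names and the custom role are assumptions. It contrasts a registration handler that trusts a client-supplied user_role with one that maps an account type to a fixed, unprivileged role on the server, and adds a user_register hook that logs any account created with a privileged role so that such events show up in monitoring regardless of which plugin handles registration.

```php
<?php
// Added illustration, not Truelysell Core's code. The function names,
// the 'hypothetical_register' nonce action, the account_type field and the
// 'hypothetical_provider' role are assumptions made for this example.

// --- Vulnerable pattern (CWE-269): the role is copied from the request. ---
// Sanitizing the string does not help; 'administrator' is a valid string.
function hypothetical_register_vulnerable() {
    $userdata = array(
        'user_login' => sanitize_user( $_POST['username'] ?? '' ),
        'user_email' => sanitize_email( $_POST['email'] ?? '' ),
        'user_pass'  => $_POST['password'] ?? '',
        // Untrusted: an unauthenticated client decides its own WordPress role.
        'role'       => sanitize_text_field( $_POST['user_role'] ?? 'subscriber' ),
    );
    return wp_insert_user( $userdata );
}

// --- Hardened pattern: the client never chooses a WordPress role. ---
// The form may offer an account *type*; the server maps it through a fixed
// allowlist that contains only low-privilege roles, and any submitted
// user_role value is simply never read.
function hypothetical_register_hardened() {
    // Only accept submissions that carry the plugin's own form nonce.
    $nonce = $_POST['_wpnonce'] ?? '';
    if ( ! wp_verify_nonce( $nonce, 'hypothetical_register' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid registration request.' );
    }

    // Server-side allowlist: account type -> role. Nothing privileged here.
    $allowed_roles = array(
        'customer' => 'subscriber',
        'provider' => 'hypothetical_provider', // custom low-privilege role (assumption)
    );
    $type = sanitize_key( $_POST['account_type'] ?? 'customer' );
    if ( ! isset( $allowed_roles[ $type ] ) ) {
        return new WP_Error( 'bad_type', 'Unknown account type.' );
    }
    $role = $allowed_roles[ $type ];

    // Defence in depth: refuse if the mapped role is not registered on this site.
    if ( ! wp_roles()->is_role( $role ) ) {
        return new WP_Error( 'bad_role', 'Role is not available.' );
    }

    $userdata = array(
        'user_login' => sanitize_user( $_POST['username'] ?? '' ),
        'user_email' => sanitize_email( $_POST['email'] ?? '' ),
        'user_pass'  => $_POST['password'] ?? '', // hashed by wp_insert_user()
        'role'       => $role,
    );
    return wp_insert_user( $userdata );
}

// --- Detection (recommendation 4): log any account created with a
// privileged role, whichever code path created it. ---
add_action( 'user_register', function ( $user_id ) {
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }
    // Roles considered privileged for this site; extend as needed.
    $privileged = array( 'administrator', 'editor' );
    if ( array_intersect( $privileged, (array) $user->roles ) ) {
        error_log( sprintf(
            '[privileged-registration] user_id=%d login=%s roles=%s ip=%s',
            $user_id,
            $user->user_login,
            implode( ',', $user->roles ),
            $_SERVER['REMOTE_ADDR'] ?? 'unknown'
        ) );
    }
}, 10, 1 );
```

The essential change is that the role is derived from a server-side table keyed by a constrained account type, so there is no request field whose value can ever become a role name. The logging hook is a compensating control for sites that cannot yet remove or update a vulnerable plugin: forward the error_log output to whatever collects the site's logs and alert on the [privileged-registration] marker.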


Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2025-08-04T22:01:31.166Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69903384c9e1ff5ad8746a0b

Added to database: 2/14/2026, 8:34:12 AM

Last enriched: 2/14/2026, 8:48:50 AM

Last updated: 2/20/2026, 9:50:57 PM

