The vulnerability identified as CVE-2025-8572 affects the Truelysell Core plugin for WordPress, specifically versions less than or equal to 1.8.7. The root cause is improper privilege management (CWE-269), where the plugin fails to adequately validate the user_role parameter during the user registration process. This flaw allows unauthenticated attackers to manipulate the user_role field to assign themselves elevated privileges, including administrator rights, without any authentication or user interaction. The vulnerability is remotely exploitable over the network (AV:N), requires no privileges (PR:N), and no user interaction (UI:N), making it highly accessible to attackers. The impact is critical, with full compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) of the affected WordPress site. This could lead to complete site takeover, data theft, defacement, or use of the site as a platform for further attacks. No patches are currently linked, indicating the need for urgent vendor response or temporary mitigations. The vulnerability was reserved in August 2025 and published in February 2026, with no known exploits in the wild to date. The plugin is used primarily in WordPress environments, often in e-commerce or service marketplaces, increasing the attractiveness of this vulnerability to attackers targeting such platforms.

The impact of CVE-2025-8572 is severe and wide-ranging. Successful exploitation allows attackers to gain administrator-level access to WordPress sites running the vulnerable Truelysell Core plugin, enabling full control over the site. This includes the ability to modify or delete content, steal sensitive user data, install malicious code or backdoors, and disrupt site availability. For organizations, this can result in significant reputational damage, loss of customer trust, regulatory penalties (especially if personal data is compromised), and financial losses due to downtime or remediation costs. E-commerce platforms using this plugin are particularly at risk of fraud and theft. The ease of exploitation without authentication or user interaction means attacks can be automated and widespread, potentially affecting thousands of sites globally. The absence of known exploits currently provides a window for proactive defense, but the critical severity score underscores the urgency of addressing this vulnerability before active exploitation emerges.

Given the critical nature of this vulnerability, organizations should take immediate and specific actions: 1) Monitor official channels from dreamstechnologies for patches or updates addressing CVE-2025-8572 and apply them promptly once released. 2) Until patches are available, disable user registration on affected WordPress sites or restrict it to trusted users only. 3) Implement web application firewall (WAF) rules to detect and block suspicious requests attempting to manipulate the user_role parameter during registration. 4) Audit existing user accounts for unauthorized administrator accounts and remove any suspicious entries. 5) Enforce strong monitoring and alerting on account creation events and privilege changes within WordPress. 6) Consider isolating or limiting the plugin’s functionality if possible, or temporarily replacing it with alternative solutions. 7) Educate site administrators about the risks and signs of compromise related to privilege escalation. These targeted mitigations go beyond generic advice by focusing on controlling user registration flows and monitoring privilege assignments specific to this vulnerability.