CVE-2025-13618 - Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration
CVE ID :CVE-2025-13618 Published : May 5, 2026, 3:15 a.m. | 55 minutes ago Description :The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register wit
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates
- [CYBER] CSA tasks critical information infrastructure leaders to review cyber risks due to AI-enabled threats
- [CYBER] CVE-2026-7810 - UsamaK98 python-notebook-mcp server.py add_cell path traversal
- [CYBER] CVE-2026-5159 - Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter
- [CYBER] CVE-2026-4665 - WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute
- [CYBER] CVE-2026-4803 - Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta