CVE-2025-0177 · CRITICAL 9.8 · EPSS p33.2%


Description

The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.42% probability of exploitation · percentile 33.2% · 2026-06-19T12:03:05Z
Published: 2025-03-08
Last modified: 2025-03-13

Underlying weaknesses · 1

CWE-269

References

  1. https://themeforest.net/item/javo-directory-wordpress-theme/8390513#item-description__update-history
  2. https://www.wordfence.com/threat-intel/vulnerabilities/id/7d636768-37b4-4343-9028-30e7b1f997f2?source=cve


Type | Target | Confidence | Tier
Weakness | Improper Privilege Management (cwe-269) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-15027
CVE-2025-8900
CVE-2025-0180
CVE-2025-15100
CVE-2025-11533
CVE-2025-3918

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.