CVE-2025-13851
📋 TL;DR
The Buyent Classified plugin for WordPress allows unauthenticated attackers to register accounts with administrator privileges by manipulating the user role parameter during registration. This vulnerability affects all WordPress sites using Buyent Classified plugin versions up to 1.0.7, including those bundled with the Buyent theme.
💻 Affected Systems
- Buyent Classified WordPress Plugin
- Buyent WordPress Theme (bundled plugin)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain full administrative control, can install backdoors, steal data, deface the site, or use it for further attacks.
Likely Case
Attackers create administrator accounts to gain persistent access, potentially leading to data theft, malware distribution, or site compromise.
If Mitigated
If registration is disabled or properly restricted, impact is limited to authenticated users attempting privilege escalation.
🎯 Exploit Status
Simple HTTP POST request manipulation to the registration endpoint with modified role parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any release later than 1.0.7
Vendor Advisory: https://themeforest.net/item/buyent-classified-wordpress-theme/32588790
Restart Required: No
Instructions:
1. Update the Buyent Classified plugin to the latest version.
2. If you are using the version bundled with the Buyent theme, update the theme to the latest version.
3. Verify that user registration still works correctly.
🔧 Temporary Workarounds
Disable User Registration
Temporarily disable user registration in the WordPress settings:
WordPress Admin > Settings > General > Membership: Uncheck 'Anyone can register'
Block REST API Registration Endpoint
Use .htaccess or the web server configuration to block access to the vulnerable endpoint. The WordPress REST API is also reachable without pretty permalinks through index.php?rest_route=..., so that form of the request has to be blocked as well:
# Add to .htaccess above the WordPress rewrite block so it is evaluated first:
RewriteEngine On
RewriteRule ^wp-json/buyent-classified/register - [F,L]
# Block the ?rest_route= form of the same endpoint (path separators may be URL-encoded)
RewriteCond %{QUERY_STRING} rest_route=(/|%2F)?buyent-classified(/|%2F)register [NC]
RewriteRule ^ - [F,L]
🧯 If You Can't Patch
- Disable the Buyent Classified plugin completely
- Implement web application firewall rules to block suspicious registration requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel for Buyent Classified plugin version 1.0.7 or earlier
Check Version:
WordPress Admin > Plugins > Buyent Classified (or check theme bundled plugin version)
Verify Fix Applied:
Verify plugin version is greater than 1.0.7 and test registration with role manipulation attempts
📡 Detection & Monitoring
Log Indicators:
- Multiple user registration attempts with unusual role parameters
- New administrator accounts created via REST API
- POST requests to /wp-json/buyent-classified/register with _buyent_classified_user_type parameter
Network Indicators:
- HTTP POST requests to registration endpoint with role manipulation
- Unusual spikes in user registration traffic
SIEM Query:
source="wordpress" AND (uri_path="/wp-json/buyent-classified/register" OR uri_query="*rest_route=/buyent-classified/register*" OR post_data="*_buyent_classified_user_type*")
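The log indicators above, as an added Python example that is not part of this advisory: a small scanner over constructed access-log lines that flags registration POSTs carrying the role parameter, matches the ?rest_route= fallback as well as the /wp-json/ path, and counts per-IP registration bursts. It assumes a combined log format with a trailing quoted request-body field, which a WAF or reverse proxy would have to supply.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

REGISTER_ROUTE = "/buyent-classified/register"   # endpoint named in this advisory
ROLE_PARAM = "_buyent_classified_user_type"      # role parameter named in this advisory
# Combined log format plus a trailing quoted body field (assumed: supplied by a WAF/proxy,
# since Apache and nginx do not log request bodies by default).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<body>[^"]*)"'
)

def targets_register_route(target: str) -> bool:
    """Match both /wp-json/<route> and the index.php?rest_route=<route> fallback."""
    parts = urlsplit(target)
    if parts.path.rstrip("/").endswith("/wp-json" + REGISTER_ROUTE):
        return True
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/") == REGISTER_ROUTE for r in routes)

def classify(line: str):
    """Return (client_ip, severity) for a registration POST, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "POST" or not targets_register_route(m.group("target")):
        return None
    params = parse_qs(m.group("body"))                           # form-encoded body
    params.update(parse_qs(urlsplit(m.group("target")).query))   # or query string
    return m.group("ip"), ("high" if ROLE_PARAM in params else "info")

def scan(lines, burst_threshold: int = 3) -> dict:
    """Role-parameter hits plus IPs with at least burst_threshold registration POSTs."""
    tampered, per_ip = [], Counter()
    for ip, severity in filter(None, map(classify, lines)):
        per_ip[ip] += 1
        if severity == "high":
            tampered.append(ip)
    bursts = sorted(ip for ip, n in per_ip.items() if n >= burst_threshold)
    return {"tampered": tampered, "bursts": bursts}

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "POST /wp-json/buyent-classified/register HTTP/1.1" 200 512 "user_login=eve&user_email=e%40example.com&_buyent_classified_user_type=administrator"',
    '203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "POST /index.php?rest_route=/buyent-classified/register HTTP/1.1" 200 512 "user_login=eve2&_buyent_classified_user_type=administrator"',
    '203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "POST /wp-json/buyent-classified/register HTTP/1.1" 200 400 "user_login=eve3&user_email=e3%40example.com"',
    '198.51.100.4 - - [10/Jan/2025:10:05:00 +0000] "POST /wp-json/buyent-classified/register HTTP/1.1" 200 400 "user_login=carol&user_email=c%40example.com"',
    '198.51.100.4 - - [10/Jan/2025:10:05:30 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9000 "-"',
]
```

Running scan(SAMPLE_LOG) reports two role-parameter hits and one bursting client, both from 203.0.113.7; the plain registration from 198.51.100.4 is recorded but not flagged.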