9.8
The Listee theme allows anyone to become an Administrator
CVE-2025-12981
Summary
The Listee theme for WordPress is affected in all versions up to and including 1.1.6: an unauthenticated attacker can register as an Administrator by manipulating the user_role parameter during registration. Update to version 1.1.7 or later to fix this issue.
Original title
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user r...
Original description
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration.
nvd CVSS3.1
9.8
Vulnerability type
CWE-269
Improper Privilege Management
- https://listee-wp.dreamstechnologies.com/documentation/changelog.html
- https://themeforest.net/item/listee-classified-ads-wordpress-theme/44526956
- https://themes.trac.wordpress.org/browser/listee/1.1.5/listee-core/includes/list...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d534feae-d1b7-4544-b1c...
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026