Severity by source
CVSS 3.1 vector (vendor rating, Patchstack): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The WordPress registration endpoint is network-reachable, requires no authentication or user interaction, and the role-assignment flaw yields a full administrative takeover, hence full C/I/A impact at PR:N/UI:N.
Primary rating from the vendor (Patchstack).
Description (CVE.org)
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Analysis (AI-generated)
An unauthenticated privilege escalation in the ThemeGrill Registration Form for WooCommerce WordPress plugin (versions <= 1.0.9) allows remote attackers to elevate privileges without credentials, potentially gaining administrative control over the WordPress site. With a CVSS score of 9.8 and no public exploit identified at the time of analysis, the flaw is reported by Patchstack and tagged as a Privilege Escalation issue in the WordPress plugin ecosystem.
Vulnerability Assessment (AI-generated)

| Aspect | Assessment |
| --- | --- |
| Exploitation | Requires that the vulnerable Registration Form for WooCommerce plugin (versions <= 1.0.9) is installed and active on a WordPress site with WooCommerce, and that the plugin's registration form endpoint is reachable over the network, which is the default deployment posture for a customer-facing storefront. … |
| Risk Assessment | All available signals point to high real-world risk: the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N indicates network-reachable, low-complexity, unauthenticated exploitation with no user interaction, and C/I/A:H reflects full compromise potential consistent with administrative takeover of a WordPress site. … |
| Exploit Scenario | An unauthenticated attacker browses to the target WooCommerce site, locates the plugin's registration form endpoint, and submits a crafted HTTP POST that includes a role or capability parameter (e.g., role=administrator) alongside legitimate registration fields. Because the plugin incorrectly assigns the requested role, the attacker's newly created account is granted administrator privileges, enabling subsequent login, theme/plugin upload, and full site takeover including PHP code execution via the WordPress admin UI. |
| Remediation | An upstream fix is available per the Patchstack advisory; the released patched version is not independently confirmed from the provided data. Administrators should upgrade Registration Form for WooCommerce to the latest version above 1.0.9 as published by ThemeGrill and verify the installed version via the WordPress plugins screen. … |
Recommended Action (AI-generated)
Within 24 hours: Inventory all WordPress instances using ThemeGrill Registration Form plugin versions 1.0.9 or earlier; immediately deactivate and uninstall the plugin; restrict administrative panel access via IP allowlisting pending remediation. …
EUVD identifier: EUVD-2026-37643