CRITICAL
AmentoTech
CVE published 2026-06-10
CVE-2025-6254
A critical vulnerability was discovered in the Doctreat Core plugin for WordPress, affecting all versions up to and including 1.6.8. This vulnerability allows unauthenticated attackers to register as an administrator user due to the doctreat_process_registration() function not properly restricting the roles that a user can register with.