PT-2026-26880 · WordPress · Expire Users
Hunter Jensen
·
Publicado
2026-03-21
·
Atualizado
2026-03-22
·
CVE-2026-4261
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Expire Users plugin for WordPress versions through 1.2.2
Description
The Expire Users plugin for WordPress is susceptible to a privilege escalation issue. This occurs because the plugin permits a user to modify the
on expire default to role meta data through the save extra user profile fields function. Authenticated attackers possessing Subscriber-level access or higher can exploit this to elevate their privileges to administrator level.Recommendations
Versions prior to and including 1.2.2 should be updated to a newer, fixed version when available.
Correção
LPE
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Expire Users