PT-2026-5092 · WordPress · Simple User Registration
Johska · Published 2026-01-28 · Updated 2026-01-28 · CVE-2026-0844
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Simple User Registration versions prior to 6.8
Description
The Simple User Registration plugin for WordPress has a privilege escalation issue in versions up to and including 6.7. Insufficient restriction on the profile save field function allows authenticated attackers with minimal permissions, such as a subscriber, to modify their user role. This is achieved by supplying the wp_capabilities parameter during a profile update.
Recommendations
Update the Simple User Registration plugin to version 6.8 or later.
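A post-update check, added here as an example and not taken from the advisory or the plugin's code: since the flaw let a low-privileged account change its own role through the wp_capabilities value, this script parses exported wp_capabilities user meta values and lists accounts that hold a privileged role without being on an approved list. The sample rows are constructed, and the PRIVILEGED_ROLES set and the approved_ids list are assumptions to adjust per site.

```python
import re

# Assumption: roles that only approved accounts should hold on this site.
PRIVILEGED_ROLES = {"administrator", "editor"}
_ENTRY = re.compile(r's:(\d+):"([^"]*)";b:([01]);')

def parse_capabilities(serialized):
    """Return roles enabled in a serialized value such as a:1:{s:10:"subscriber";b:1;}."""
    outer = re.fullmatch(r'a:(\d+):\{(.*)\}', serialized.strip(), re.S)
    if not outer:
        raise ValueError("not a serialized array")
    body, roles, pos, seen = outer.group(2), set(), 0, 0
    while pos < len(body):
        entry = _ENTRY.match(body, pos)
        # The declared byte length must match the key, as PHP's unserialize requires.
        if not entry or int(entry.group(1)) != len(entry.group(2).encode()):
            raise ValueError("unexpected entry")
        if entry.group(3) == "1":
            roles.add(entry.group(2))
        pos, seen = entry.end(), seen + 1
    if seen != int(outer.group(1)):
        raise ValueError("entry count mismatch")
    return roles

def audit(rows, approved_ids):
    """Flag accounts holding a privileged role without being in approved_ids."""
    findings = []
    for user_id, login, meta_value in rows:
        try:
            risky = sorted(parse_capabilities(meta_value) & PRIVILEGED_ROLES)
        except ValueError:
            findings.append((user_id, login, "unparseable"))  # review by hand
            continue
        if risky and user_id not in approved_ids:
            findings.append((user_id, login, ",".join(risky)))
    return findings

# Constructed rows: (user_id, user_login, wp_capabilities meta_value); custom prefixes use <prefix>capabilities.
SAMPLE_ROWS = [
    (1, "siteadmin", 'a:1:{s:13:"administrator";b:1;}'),
    (7, "alice", 'a:1:{s:10:"subscriber";b:1;}'),
    (12, "newuser12", 'a:1:{s:13:"administrator";b:1;}'),
    (15, "bob", 'a:2:{s:10:"subscriber";b:1;s:6:"editor";b:1;}'),
    (19, "odd", "not-serialized"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS, approved_ids={1}):
        print(finding)
```

Values that do not parse as a flat role array are reported rather than skipped, since a malformed capabilities value also deserves manual review.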
Fix
LPE
Improper Access Control
Weakness Enumeration
Related identifiers
Affected products
Simple User Registration