PT-2026-56315 · Pixelgrade · Backstage – Customizer Demo Access
Nabil Irawan
·
Publicado
2026-07-08
·
Atualizado
2026-07-08
·
CVE-2026-9842
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the
manage options capability to the backstage customizer user demo role, which is more permissive than necessary for Customizer-only demo access. This makes it possible for unauthenticated attackers to navigate beyond the Customizer and update arbitrary WordPress options such as default role, leading to privilege escalation.Correção
Improper Privilege Management
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Backstage – Customizer Demo Access