PT-2026-31078 · WordPress · Users Manager – Pn+1

Published: 2026-04-08 · Updated: 2026-04-13 · CVE-2026-4003

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Users manager – PN plugin for WordPress, versions up to and including 1.1.15

Description: The Users manager – PN plugin for WordPress is susceptible to a privilege escalation issue due to a flaw in its authorization logic. Specifically, the userspn_ajax_nopriv_server() function, within the 'userspn_form_save' case, fails to verify that the requester is authenticated when a non-empty user_id is supplied. This allows attackers to bypass the authentication check and update arbitrary user metadata through the update_user_meta() function. The nonce required by this AJAX endpoint ('userspn-nonce') is publicly exposed, further weakening the control. As a result, unauthenticated attackers can modify user metadata, including the userspn_secret_token field.

Recommendations: Update the Users manager – PN plugin for WordPress to a version later than 1.1.15.
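The flaw described above comes down to a single handler trusting a request-supplied user_id in place of the caller's own identity, with only a publicly exposed nonce standing in the way. As an added illustration (this is not the plugin's code; the action name pnx_example_save_profile, the nonce action pnx_example_nonce and the two metadata keys are hypothetical), this is how a metadata-writing AJAX handler in WordPress should separate the three checks that the vulnerable pattern collapses into one: CSRF (nonce), authentication (is the caller logged in at all) and authorization (may this caller edit that account, and which keys).

```php
<?php
// Added illustration, not the plugin's code. Hook, nonce and meta-key names
// are hypothetical; every WordPress API call used here is a real one.

// Register for logged-in users only. No wp_ajax_nopriv_ variant is registered:
// an endpoint that writes user metadata has no legitimate anonymous caller.
add_action( 'wp_ajax_pnx_example_save_profile', 'pnx_example_save_profile' );

function pnx_example_save_profile() {
    // 1. CSRF check. A nonce is not an authentication mechanism; if it is
    //    handed out to anonymous visitors it proves nothing about the caller.
    check_ajax_referer( 'pnx_example_nonce', 'nonce' );

    // 2. Authentication. Refuse anonymous callers outright, regardless of any
    //    user_id the request body happens to carry.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }

    // 3. Authorization. The subject of the write is the current user unless
    //    the caller explicitly holds the capability to edit the requested one.
    $current_user_id = get_current_user_id();
    $target_user_id  = isset( $_POST['user_id'] )
        ? absint( wp_unslash( $_POST['user_id'] ) )
        : $current_user_id;

    if ( $target_user_id !== $current_user_id
        && ! current_user_can( 'edit_user', $target_user_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed to edit this user.' ), 403 );
    }

    // 4. Allow-list the metadata keys a client may write. Security-sensitive
    //    keys such as a per-user secret token are never client-writable.
    $writable_keys = array( 'pnx_display_colour', 'pnx_newsletter_opt_in' ); // hypothetical
    $raw_meta      = ( isset( $_POST['meta'] ) && is_array( $_POST['meta'] ) )
        ? wp_unslash( $_POST['meta'] )
        : array();

    $updated = array();
    foreach ( $raw_meta as $key => $value ) {
        if ( ! in_array( $key, $writable_keys, true ) ) {
            continue; // drop anything not on the allow-list
        }
        update_user_meta( $target_user_id, $key, sanitize_text_field( $value ) );
        $updated[] = $key;
    }

    wp_send_json_success( array( 'updated' => $updated ) );
}
```

Because no wp_ajax_nopriv_ hook is registered, admin-ajax.php never dispatches an anonymous request to this function at all; the is_user_logged_in() check stays in as defence in depth in case the function is later reused from another entry point. The allow-list in step 4 is what keeps a field like the secret token out of reach even for a correctly authenticated caller.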

Tags: Fix · LPE · Missing Authorization


Weakness Enumeration

Related Identifiers: CVE-2026-4003

Affected Products: Users Manager – Pn · Wordpress