PT-2026-5092 · WordPress · Simple User Registration
Johska · Published 2026-01-28 · Updated 2026-01-28 · CVE-2026-0844
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Simple User Registration versions prior to 6.8
Description
The Simple User Registration plugin for WordPress has a privilege escalation issue in versions up to and including 6.7. Insufficient restriction on the profile save field function allows authenticated attackers with minimal permissions, such as a subscriber, to modify their user role. This is achieved by supplying the wp capabilities parameter during a profile update.
Recommendations
Update the Simple User Registration plugin to version 6.8 or later.
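The flaw in the description comes down to a profile save routine that trusts submitted field names. The following is an added example, not the plugin's code: the function names, the editable-field list and the sample submission are assumptions, and it shows the unrestricted shape next to an allowlisted one.

```php
<?php
// Added example with hypothetical names; not taken from the plugin.

// Fields a user may edit on their own profile (assumed set for illustration).
const EXAMPLE_EDITABLE_FIELDS = ['first_name', 'last_name', 'description', 'phone'];

// Unrestricted shape: every submitted key is passed on as a user meta key,
// so a role-bearing key is written like any other profile field.
function example_fields_to_save_unrestricted(array $submitted): array
{
    return $submitted;
}

// Hardened shape: keep only allowlisted scalar fields and, as defence in
// depth, refuse role-bearing meta keys whatever the table prefix is.
function example_fields_to_save_allowlisted(array $submitted): array
{
    $safe = [];
    foreach ($submitted as $key => $value) {
        $key = strtolower((string) $key);
        if (preg_match('/(capabilities|user_level)$/', $key)) {
            continue; // role and level meta are never user-editable
        }
        if (!in_array($key, EXAMPLE_EDITABLE_FIELDS, true) || !is_scalar($value)) {
            continue; // unknown field, or a non-text value where text is expected
        }
        $safe[$key] = trim(strip_tags((string) $value));
    }
    return $safe;
}

// Constructed sample submission from a low-privileged user's profile form.
// The key is the advisory's parameter written with the default table prefix;
// the value is a placeholder.
$submitted = [
    'first_name'      => 'Alex',
    'phone'           => '<b>555-0100</b>',
    'wp_capabilities' => '(constructed placeholder)',
];

var_dump(array_keys(example_fields_to_save_unrestricted($submitted)));
var_dump(example_fields_to_save_allowlisted($submitted));

// In a plugin, only the filtered array should reach the meta write, e.g.
// foreach ($safe as $k => $v) { update_user_meta(get_current_user_id(), $k, $v); }
```

The allowlist alone blocks the role change; the suffix check is a second barrier in case the editable-field list is later widened carelessly.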
Fix
LPE
Improper Access Control
Affected Products
Simple User Registration