PT-2026-51280 · Undefined · Undefined

Real_King_Engine

·

Published

2026-06-22

·

Updated

2026-06-22

·

CVE-2026-8157

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2026-8157

Affected Products

Undefined