PT-2026-60430 · WordPress · Digits
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Digits: WordPress Mobile Number Signup and Login versions prior to 9.1.0.6
Description
Privilege escalation is possible for authenticated users with Subscriber-level access and above. The issue stems from missing authorization and role validation within the
dig update wpwc custom fields() function. An attacker can elevate their privileges to Administrator by submitting a forged digits reg userrole value during a profile update, provided the site administrator has enabled the built-in DIGITS User Role field.Recommendations
Update to a version newer than 9.1.0.5.
As a temporary mitigation, disable the built-in DIGITS User Role field configuration.
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Digits