WordPress Plugin Vulnerabilities

Redux Framework < 4.5.13 - Subscriber+ Privilege Escalation to Administrator

Description

The plugin does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the plugin's user-profile (Users extension) feature is enabled.

Proof of Concept

Affects Plugins

Fixed in 4.5.13

References

Classification

Miscellaneous

Original Researcher
Jakub Herman
Submitter
Jakub Herman
Submitter website
Verified
Yes

Timeline

Publicly Published
2026-06-25 (about 21 days ago)
Added
2026-06-25 (about 20 days ago)
Last Updated
2026-07-10 (about 5 days ago)

Other