WordPress Plugin Vulnerabilities

Advanced Custom Fields: Extended < 0.9.2.2 - Unauthenticated Privilege Escalation

Description

The plugin is vulnerable to Privilege Escalation due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field.

Affects Plugins

Plugin icon
acf-extended
Fixed in 0.9.2.2

References

CVE
CVE-2025-14533
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d44f8af2-3525-4b00-afa8-a908250cc838

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.1 (high)

Miscellaneous

Original Researcher
andrea bocchetti
Verified
No
WPVDB ID
691b01af-a6cc-47bc-b473-cfbde662d461

Timeline

Publicly Published
2026-01-19 (about 3 months ago)
Added
2026-01-20 (about 3 months ago)
Last Updated
2026-05-11 (about 2 days ago)

Other

Published
Title
Published
2020-11-09
Title
Ultimate Member < 2.1.12 - Authenticated Privilege Escalation via Profile Update
Published
2025-04-23
Title
Frontend Login and Registration Blocks < 1.0.9 - Subscriber+ Privilege Escalation via Password Reset
Published
2023-05-23
Title
ReviewX < 1.6.14 - Subscriber+ Privilege Escalation
Published
2023-08-22
Title
Jupiter X Core Premium < 3.4.3 - Unauthenticated Privilege Escalation
Published
2025-08-25
Title
Dokan Pro < 4.0.6 - Authenticated (Vendor+) Privilege Escalation