Simple User Registration < 6.8 – Authenticated (Subscriber+) Privilege Escalation via profile_save_field | CVE 2026-0844 | Plugin Vulnerabilities

Description

The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.

Affects Plugins

wp-registration

Fixed in 6.8

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0e77e1-7e9f-4f7e-8953-c86ab0e5ae7a

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

johska

Verified

No

WPVDB ID

cb868bb9-5aa3-4e91-83cc-c9ad767407ff

Timeline

Publicly Published

2026-01-27 (about 4 months ago)

Added

2026-01-27 (about 4 months ago)

Last Updated

2026-05-19 (about 30 days ago)

Other

Published

Title

Published

2024-02-26

Title

Duitku Payment Gateway < 2.11.7 - Missing Authorization via check_duitku_response

Published

2022-05-16

Title

WPQA < 5.5 - Unauthenticated Private Message Disclosure

Published

2024-06-05

Title

The Moneytizer < 10.0.1 - Cross-Site Request Forgery via multiple AJAX actions

Published

2024-02-08

Title

Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

Published

2023-10-16

Title

Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply