WordPress Plugin Vulnerabilities

Custom API for WP < 4.2.3 - Subscriber+ Privilege Escalation

Description

The plugin is vulnerable to Privilege Escalation due to the plugin not properly restricting a users ability to set roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges.

Affects Plugins

Fixed in 4.2.3

References

Classification

Miscellaneous

Original Researcher
Hiro
Verified
No

Timeline

Publicly Published
2025-07-28 (about 11 months ago)
Added
2025-08-05 (about 10 months ago)
Last Updated
2025-08-05 (about 10 months ago)

Other