4 matches found
CVE-2025-12158
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the sucsubmitcapabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...
CVE-2025-12158
creationtimestamp| type| source ---|---|--- 2025-11-04 06:02:10+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m4rudbieyo2s 2025-11-04 06:13:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4ruxoa3tr2w...
WordPress Simple User Capabilities plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Simple User Capabilities versions = 1.0...
CVE-2025-12158 Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the sucsubmitcapabilities function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account t...