10 matches found
CVE-2026-4261
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'onexpiredefaulttorole' meta through the 'saveextrauserprofilefields' function. This makes it possible for authenticated...
WordPress Expire Users plugin <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields vulnerability
Authenticated Subscriber+ Privilege Escalation to Administrator via saveextrauserprofilefields vulnerability discovered by Hunter Jensen skid in WordPress Plugin Expire Users versions = 1.2.2...
EUVD-2026-14159
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'onexpiredefaulttorole' meta through the 'saveextrauserprofilefields' function. This makes it possible for authenticated...
CVE-2026-4261
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'onexpiredefaulttorole' meta through the 'saveextrauserprofilefields' function. This makes it possible for authenticated...
CVE-2026-4261 Expire Users <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'onexpiredefaulttorole' meta through the 'saveextrauserprofilefields' function. This makes it possible for authenticated...
CVE-2026-4261
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'onexpiredefaulttorole' meta through the 'saveextrauserprofilefields' function. This makes it possible for authenticated...
CVE-2026-4261 Expire Users <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'onexpiredefaulttorole' meta through the 'saveextrauserprofilefields' function. This makes it possible for authenticated...
CVE-2026-4261
The CVE-2026-4261 entry concerns the WordPress Expire Users plugin (all versions up to 1.2.2). The root cause is that the plugin allows updating the on_expire_default_to_role meta via the save_extra_user_profile_fields function, enabling privilege escalation. As documented, authenticated users wi...
WordPress plugin Expire Users 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-26880
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on expire default to role' meta through the 'save extra user profile fields' function. This makes it possible for...