CVE-2026-4261
The CVE-2026-4261 entry concerns the WordPress Expire Users plugin (all versions up to 1.2.2). The root cause is that the plugin allows updating the on_expire_default_to_role meta via the save_extra_user_profile_fields function, enabling privilege escalation. As documented, authenticated users wi...