2 matches found
CVE-2025-14533 Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...
The vulnerability of the wp_insert_user function and testWPUpdateUser_should_deleteUsersLugsCache (user.php) in the WordPress content management system allows attackers to access sensitive data and compromise its integrity.
The vulnerability of the wp_insert_user function and testWPUpdateUser_should_deleteUsersLugsCache in user.php of the WordPress content management system is related to the lack of a password recovery mechanism. Exploiting this vulnerability could allow an attacker to gain access to sensitive data and...