Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/24 3:17 p.m.10 views

CVE-2025-14866

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS5.5AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 1:15 p.m.12 views

CVE-2025-14866

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.00365EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/23 12:26 p.m.29 views

CVE-2025-14866 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.00365EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/23 12:26 p.m.4 views

CVE-2025-14866 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS5.5AI score0.00365EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/23 12:26 p.m.2 views

CVE-2025-14866

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS5.4AI score0.00365EPSS
Exploits0References5
CVE
CVE
added 2026/01/23 12:26 p.m.25 views

CVE-2025-14866

CVE-2025-14866 (Melapress Role Editor, WordPress) The Wordfence vulnerability analysis confirms an unauthenticated privilege-escalation risk in Melapress Role Editor for WordPress, up to version 1.1.1, due to a misconfigured capability check in save_secondary_roles_field. This flaw allows authent...

8.8CVSS5.5AI score0.00365EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/23 8:57 a.m.12 views

WordPress Melapress Role Editor plugin <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability

Improper Authorization to Authenticated Subscriber+ Privilege Escalation via Secondary Role Assignment vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Melapress Role Editor versions = 1.1.1...

8.8CVSS5.5AI score0.00365EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.10 views

WordPress plugin Melapress Role Editor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.8CVSS5.8AI score0.00365EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.11 views

PT-2026-4351

Name of the Vulnerable Software and Affected Versions Melapress Role Editor plugin for WordPress versions prior to 1.1.2 Description The Melapress Role Editor plugin for WordPress is subject to a privilege escalation issue. An attacker with Subscriber-level access or higher can assign themselves...

8.8CVSS5.9AI score0.00365EPSS
Exploits0References7
Rows per page
Query Builder