PT-2026-42734

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map meta cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

Automattic: WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers

When the Shopmanager role is defined for the first time, it receives the following WordPress core privileges: // Shop manager role. addrole 'shopmanager', 'Shop manager', array 'level9' = true, 'level8' = true, 'level7' = true, 'level6' = true, 'level5' = true, 'level4' = true, 'level3' = true,...