CVE-2026-4261 in Expire Users Plugininformation

Résumé

par MITRE • 21/03/2026

The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_role' meta through the 'save_extra_user_profile_fields' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Wordfence

Réserver

16/03/2026

Divulgation

21/03/2026

Modérer

accepté

Entrée

VDB-352243

CPE

prêt

CWE

CWE-862 (confirmé)

CVSS

8.8 (CNA)

EPSS

0.00058

KEV

non

Activités

très faible

Secteur

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-4261
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-4261
CVE Details	https://www.cvedetails.com/cve/CVE-2026-4261/

◂ Précédent Aperçu Suivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!