🟠 高危 | CVE-2026-12525 — The Redux Framework WordPress plugin before 4.5.13...
🟠 《高危安全漏洞:CVE-2026-12525》
CVSS 评分: 高危(8.8) 状态: Deferred 发布时间: 2026-07-16
漏洞描述
The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the Redux Framework WordPress plugin before 4.5.13's user-profile (Users extension) feature is enabled.
🔍 技术细节
| 字段 | 值 |
|---|---|
| CVE ID | CVE-2026-12525 |
| CVSS 评分 | 8.8 🟠 |
| 严重程度 | 高危 |
| CVSS 向量 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CWE 分类 | CWE-269 |
| 发布时间 | 2026-07-16 |
| 最后更新 | 2026-07-16 |
| 状态 | Deferred |
| 数据来源 | contact@wpscan.com |
🔗 参考链接
💬 评论