🟠 《高危安全漏洞:CVE-2026-12525》

CVSS 评分: 高危(8.8)  状态: Deferred  发布时间: 2026-07-16


漏洞描述

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the Redux Framework WordPress plugin before 4.5.13's user-profile (Users extension) feature is enabled.


🔍 技术细节

字段
CVE ID CVE-2026-12525
CVSS 评分 8.8 🟠
严重程度 高危
CVSS 向量 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE 分类 CWE-269
发布时间 2026-07-16
最后更新 2026-07-16
状态 Deferred
数据来源 contact@wpscan.com

🔗 参考链接