← back
CVE-2026-0844

Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field

CVSS 8.8 HIGHEPSS 0.3%CWE-284
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
nmedia · Simple User Registration

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://plugins.trac.wordpress.org/browser/wp-registration/tags/6.7/inc/classes/class.profile.php#L401https://plugins.trac.wordpress.org/browser/wp-registration/tags/6.7/inc/classes/class.user.php#L305https://plugins.trac.wordpress.org/browser/wp-registration/tags/6.8/inc/classes/class.profile.php#L401https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0e77e1-7e9f-4f7e-8953-c86ab0e5ae7a?source=cve