User Privilege Escalation in Adminify WordPress Plugin
CVE-2026-11781
Key Information:
Badges
What is CVE-2026-11781?
The Adminify WordPress plugin prior to version 4.2.10 fails to enforce appropriate read-capability checks for its administration search functionality. This oversight enables users with lower privileges, such as Contributors, to access and reveal sensitive information that should remain protected. These include unpublished post titles from other authors, pending comment details, data from the site's Adminify plugin inventory, and user account names, compromising the site's privacy and operational integrity.
Affected Version(s)
Adminify 0 < 4.2.10
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved