User Privilege Escalation in Adminify WordPress Plugin
CVE-2026-11781

2.7LOW

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
2 July 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-11781?

The Adminify WordPress plugin prior to version 4.2.10 fails to enforce appropriate read-capability checks for its administration search functionality. This oversight enables users with lower privileges, such as Contributors, to access and reveal sensitive information that should remain protected. These include unpublished post titles from other authors, pending comment details, data from the site's Adminify plugin inventory, and user account names, compromising the site's privacy and operational integrity.

Affected Version(s)

Adminify 0 < 4.2.10

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vaibhav Narkhede
WPScan
.