Privilege Escalation Vulnerability in 多说社会化评论框 Plugin for WordPress
CVE-2026-14482
8.8HIGH
What is CVE-2026-14482?
The 多说社会化评论框 plugin for WordPress has a vulnerability that allows unauthenticated users to escalate their privileges. This vulnerability arises from a lack of required checks on a web-accessible API endpoint, allowing attackers to manipulate WordPress settings. By exploiting the inadequately protected update_option handler, attackers can pass arbitrary parameters, such as changing the site's default role to administrator. This breach compromises the security of WordPress sites, enabling unauthorized account creation with administrator-level access.
Affected Version(s)
多说社会化评论框 0 <= 1.2