CVE-2026-0912
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Analysis
Privilege escalation in WordPress Toret Manager plugin through version 1.2.7 allows authenticated subscribers to modify arbitrary site options due to missing capability checks in the trman_save_option functions. An attacker can exploit this to change the default registration role to administrator and enable user registration, granting themselves admin access to the vulnerable site. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit all WordPress installations for Toret Manager plugin presence and versions; disable the plugin immediately on all affected sites if business-critical functionality permits. Within 7 days: Identify alternative plugin solutions or evaluate custom development; document any sites unable to disable and implement compensating controls. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today