Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Contributor is a low-privilege authenticated role (PR:L), not high; no integrity or availability impact applies.
Primary rating from Vendor (wpscan).
CVSS VectorVendor: wpscan
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role (Contributor) to disclose non-public content that WordPress would not otherwise expose to them, such as other authors' unpublished post titles, pending comment content, the site's Adminify WordPress plugin before 4.2.10 inventory, and user account names.
AnalysisAI
Broken access control in the Adminify WordPress plugin before 4.2.10 allows authenticated Contributor-level users to enumerate sensitive site data through an administration search feature that omits per-user read-capability checks. Affected data includes other authors' unpublished post titles, pending comment content, installed plugin inventory, and registered user account names - all information WordPress's native capability model would otherwise restrict. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated WordPress session with at least Contributor-level role - an attacker must possess valid credentials for a Contributor, Author, or higher account on the target site. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-assigned CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N yields a score of 2.7 (Low), but there is a material discrepancy: PR:H (High Privilege) conflicts with the description's explicit statement that exploitation requires only a Contributor role, which is WordPress's lowest editorial privilege level. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who registers or compromises a Contributor account on the target WordPress site authenticates to the admin dashboard and uses Adminify's administration search feature to query for content and user data. The search results return unpublished draft titles from other authors, pending comment text, registered usernames, and the names of installed plugins - none of which WordPress would ordinarily expose to a Contributor. … |
| Remediation | The primary fix is to upgrade the Adminify WordPress plugin to version 4.2.10 or later, which introduces per-user capability checks on the administration search feature results. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1
The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all
The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulner
The AI Engine WordPress plugin through version 3.1.3 exposes Bearer Token values through the /mcp/v1/ REST API endpoint
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via
The Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based
SQL injection in the NotificationX WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote a
The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress i
The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union base
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' paramete
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41254
GHSA-rx4r-gfpx-w668