EUVD-2026-14159
GHSA-w7pq-j4cx-8r97
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_role' meta through the 'save_extra_user_profile_fields' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Analysis
The Expire Users plugin for WordPress versions up to and including 1.2.2 contains a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to elevate their privileges to administrator level. This occurs because the plugin improperly allows users to update the 'on_expire_default_to_role' meta field through the 'save_extra_user_profile_fields' function without proper authorization checks. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit all WordPress installations to identify those running Expire Users plugin versions 1.2.2 or earlier and document affected systems. Within 7 days: Implement compensating controls (disable the plugin, apply WAF rules, or restrict user role management access) and monitor user privilege escalation logs. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today