Skip to main content

Icontrolwp

1 CVEs product

Monthly

CVE-2026-34901 CRITICAL Act Now

Unauthenticated privilege escalation in iControlWP WordPress plugin versions 5.5.3 and earlier allows remote attackers to gain elevated privileges on affected WordPress sites without authentication. Reported by Patchstack and rated CVSS 9.8, the flaw maps to CWE-266 (Incorrect Privilege Assignment) and impacts the worpit-admin-dashboard-plugin distribution. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

Privilege Escalation Icontrolwp
NVD
CVSS 3.1
9.8
EPSS
0.3%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated privilege escalation in iControlWP WordPress plugin versions 5.5.3 and earlier allows remote attackers to gain elevated privileges on affected WordPress sites without authentication. Reported by Patchstack and rated CVSS 9.8, the flaw maps to CWE-266 (Incorrect Privilege Assignment) and impacts the worpit-admin-dashboard-plugin distribution. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

Privilege Escalation Icontrolwp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy