CVE-2026-0844 - Simple User Registration <= 6.7 - authenticated (subscriber+) privilege escalatio...

CVE ID : CVE-2026-0844 Published : Jan. 28, 2026, 12:15 p.m. | 42 minutes ago Description : The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...