CVE-2026-0844
📋 TL;DR
The Simple User Registration WordPress plugin allows authenticated attackers with minimal permissions (like subscribers) to escalate their privileges to administrator by manipulating the 'wp_capabilities' parameter during profile updates. This affects WordPress sites using vulnerable plugin versions up to 6.7. Attackers can gain full administrative control over affected WordPress installations.
💻 Affected Systems
- Simple User Registration WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full administrative access, installs backdoors, compromises all site data, and potentially spreads malware to visitors.
Likely Case
Attacker escalates to administrator, modifies content, steals sensitive data, or installs malicious plugins/themes.
If Mitigated
Attack is detected early, compromised accounts are disabled, and minimal data exposure occurs.
🎯 Exploit Status
Exploitation requires authenticated access but minimal technical skill. Public proof-of-concept exists in vulnerability references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.8 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/wp-registration
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Simple User Registration' and check if update is available. 4. Click 'Update Now' to install version 6.8+. 5. Verify plugin version after update.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the Simple User Registration plugin until patched
wp plugin deactivate simple-user-registration
Restrict user registration
allDisable new user registrations if plugin functionality not critical
wp option update users_can_register 0
🧯 If You Can't Patch
- Immediately disable the Simple User Registration plugin
- Review and audit all user accounts for unauthorized privilege changes
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Simple User Registration → Version. If version is 6.7 or lower, system is vulnerable.Check Version:
wp plugin get simple-user-registration --field=versionVerify Fix Applied:
Verify plugin version is 6.8 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual user role changes in WordPress user logs
- Multiple failed login attempts followed by successful login with role change
- Administrator actions from previously low-privilege accounts
Network Indicators:
- POST requests to /wp-admin/profile.php or user update endpoints with wp_capabilities parameter
- Unusual traffic patterns from subscriber-level accounts
SIEM Query:
source="wordpress.log" AND ("user_role_changed" OR "capabilities" OR "wp_capabilities")🔗 References
- https://plugins.trac.wordpress.org/browser/wp-registration/tags/6.7/inc/classes/class.profile.php#L401
- https://plugins.trac.wordpress.org/browser/wp-registration/tags/6.7/inc/classes/class.user.php#L305
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0e77e1-7e9f-4f7e-8953-c86ab0e5ae7a?source=cve
