Tanvirahmed1984 Simple User Capabilities vulnerabilities
2 known vulnerabilities affecting tanvirahmed1984/simple_user_capabilities.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2025-12158 | P2 | CRITICAL | CVSS 9.8 | Affected versions: ≤ 1.0 | 2025-11-04 | CWE-862
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account to administrator.
Source: NVD
CVE-2025-12157 | P4 | MEDIUM | CVSS 5.3 | Affected versions: ≤ 1.0 | 2025-11-04 | CWE-862
The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_reset_capability' AJAX endpoint in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to reset any user's capabilities.
Source: NVD