CNNVD-202602-1240 Information

CNNVD ID

CNNVD-202602-1240

CVE-2025-15100

  • CNNVD Published: 2026-02-08

Description (Chinese)

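WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform makes it possible to set up personal blog sites on PHP- and MySQL-based servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin JAY Login & Register 2.6.03 and earlier. The vulnerability stems from allowing users to update arbitrary user metadata through the jay_panel_ajax_update_profile function, which may allow authenticated attackers with Subscriber-level permissions and above to elevate their privileges to administrator level.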

Description (English)

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that lets users set up personal blog sites on PHP- and MySQL-based servers. WordPress plugin is an application plugin. The WordPress plugin JAY Login & Register, version 2.6.03 and earlier, contains a security vulnerability. It stems from allowing users to update arbitrary user metadata through the jay_panel_ajax_update_profile function, which may allow an authenticated attacker with Subscriber-level privileges or above to escalate to administrator level.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

WordPress

Published

2026-02-08

Last Modified

2026-02-24

References

https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.6.01/includes/user-panel/jay-login-register-ajax-handler-user-panel.php#L624

https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a2-4920-a5e8-4388c4474de0?source=cve

https://access.redhat.com/security/cve/cve-2025-15100

Patch

https://wordpress.org/plugins/jay-login-register
