CVE-2026-14482 PUBLISHED

多说社会化评论框 <= 1.2 - Unauthenticated Privilege Escalation via api.php 'option'/'value' Parameters

Assigner: Wordfence
Reserved: 02.07.2026 Published: 08.07.2026 Updated: 08.07.2026

The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an always-empty WordPress option, which allows the endpoint's update_option handler to pass attacker-controlled option and value parameters directly to WordPress's update_option function without any allowlist or sanitization. This makes it possible for unauthenticated attackers to update arbitrary WordPress options — such as setting default_role to administrator and enabling open registration — and subsequently register an account with full administrator privileges.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Product Status

Vendor shen2
Product 多说社会化评论框
Versions Default: unaffected
  • affected from 0 to 1.2 (incl.)

Credits

  • Nasur ullah (Spy0x7) finder

References

Problem Types

  • CWE-269 Improper Privilege Management CWE