cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forcapability-manager-enhanced capability-manager-enhanced

Direction: descending
Mar 30, 2026

PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus # CVE-2026-32394

CVE, Research URL

CVE-2026-32394

Home page URL

Security reports for PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus

Application

PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus

Date
Mar 14, 2026
Research Description
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through <= 2.31.0.
Affected versions
max 2.31.0.
Status
vulnerable
Jun 07, 2024

PublishPress Capabilities &#8211; User Role Editor, Access Permissions, Admin Menus # CVE-2022-3366

CVE, Research URL

CVE-2022-3366

Home page URL

Security reports for PublishPress Capabilities &#8211; User Role Editor, Access Permissions, Admin Menus

Application

PublishPress Capabilities &#8211; User Role Editor, Access Permissions, Admin Menus

Date
Oct 31, 2022
Research Description
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site.
Affected versions
max 1.5.9.
Status
vulnerable

PublishPress Capabilities &#8211; User Role Editor, Access Permissions, Admin Menus # CVE-2021-25032

CVE, Research URL

CVE-2021-25032

Home page URL

Security reports for PublishPress Capabilities &#8211; User Role Editor, Access Permissions, Admin Menus

Application

PublishPress Capabilities &#8211; User Role Editor, Access Permissions, Admin Menus

Date
Jan 10, 2022
Research Description
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.
Affected versions
max 2.3.1.
Status
vulnerable