Vulnerabilities and security researches forenable-jquery-migrate-helper enable-jquery-migrate-helper

May 27, 2026

CVE, Research URL: CVE-2026-3279
Home page URL: Security reports for Enable jQuery Migrate Helper
Application: Enable jQuery Migrate Helper
Date: May 27, 2026
Research Description: The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `downgrade_jquery_version()` function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to downgrade the site-wide jQuery version from 3.7.1 to the legacy 1.12.4-wp release, which has knowns security vulnerabilities.
Affected versions: max 1.4.1.
Status: vulnerable