多说社会化评论框, CVE-2026-14482
- CVE, Research URL
- Home page URL
- Application
- Published on
- Jul 08, 2026
- Research Description
- The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an always-empty WordPress option, which allows the endpoint's `update_option` handler to pass attacker-controlled `option` and `value` parameters directly to WordPress's `update_option` function without any allowlist or sanitization. This makes it possible for unauthenticated attackers to update arbitrary WordPress options — such as setting `default_role` to `administrator` and enabling open registration — and subsequently register an account with full administrator privileges.
- Affected versions
-
max 1.2.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| JSON API User (CVE-2026-9626) , Jul 04, 2026 |
| JSON API User (CVE-2024-6624) , Jul 12, 2024 |