Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation_CVE-2026-8157

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator.

AI Analysis

Privilege escalation vulnerability in Vitepos WordPress plugin before 3.4.2

Basic Information

ID CVE-2026-8157

Source WPScan

Published Jun 22, 2026 at 06:00

Modified Jun 22, 2026 at 12:48

Affected Product

Vendor Unknown

Product Vitepos

Affected Versions Unknown Vitepos 0

CWE Classification

CWE-269

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Vitepos

Product Vitepos WordPress plugin

Version < 3.4.2

References

wpscan.com /vulnerability/6680cc6a-9758-4040-bb39-7b9545041dc3/

{
    "lastseen": "",
    "description": "The Vitepos  WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos  WordPress plugin before 3.4.2 role to escalate privileges to administrator.",
    "published": "2026-06-22T06:00:02.475Z",
    "modified": "2026-06-22T12:48:54.354Z",
    "type": "cve",
    "title": "Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/6680cc6a-9758-4040-bb39-7b9545041dc3/",
    "id": "CVE-2026-8157",
    "bulletinFamily": "",
    "cwe": [
        "",
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "Unknown Vitepos 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vitepos",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "Privilege escalation vulnerability in Vitepos WordPress plugin before 3.4.2",
    "ai_severity": "High",
    "ai_vendor": "Vitepos",
    "ai_product": "Vitepos WordPress plugin",
    "ai_version": "< 3.4.2",
    "ai_score": 8.8
}