Approved changes feed: RSS · Atom

cpe:2.3:a:melapress:melapress_role_editor:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorMelapress (7b16c59f-5102-5265-b499-38ab78b79b40)
ProductMelapress Role Editor (36baae30-dc2b-5bc2-a2bc-bcac470abb36)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-14866 vulnerable 2026-06-08 07:06:35.265436 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment
HIGH (8.8)
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary_roles_field' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to assign themselves additional roles including Administrator.
Published: 2026-01-23T12:26:59.342Z
Updated: 2026-04-08T16:33:17.740Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.