HIGH
devsabbirahmed
CVE published 2026-05-27
CVE-2026-8787
The Firebase Support & Chat Management plugin for WordPress is vulnerable to authentication bypass and privilege escalation in all versions up to and including 3.1.1. The vulnerability exists in the `firebase_auth()` function, which authenticates requests based solely on a user-supplied `user_email` POST parameter without verifying Firebase ID token signatures, issuer claims, or audience validation. This [truncated]