HIGH
pixelgrade
CVE published 2026-07-08
CVE-2026-9842
The Backstage - Customizer Demo Access plugin for WordPress has a Privilege Escalation vulnerability due to assigning the `manage_options` capability to the `backstage_customizer_user` demo role. This allows unauthenticated attackers to update arbitrary WordPress options, leading to privilege escalation. The vulnerability exists in all versions up to and including 1.4.2. The plugin incorrectly assigns the [truncated]