HIGH
shen2
CVE published 2026-07-08
CVE-2026-14482
The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability and nonce check on a directly web-accessible API endpoint. This allows unauthenticated attackers to update arbitrary WordPress options and subsequently register an account with full administrator privileges. The vulnerability exists in versions up to and including 1.2. A trivially forgeable HMAC-SHA1 signat [truncated]