Description

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field.
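The missing control is a server-side allowlist on the role a registration form may assign. The following PHP is an added illustration, not code from the ACF Extended plugin: it uses only WordPress core functions, and the handler names, the `ACFE_DEMO_SELF_REGISTER_ROLES` list and the shape of the `$form` array are hypothetical.

```php
<?php
/**
 * Hardened registration handler (added example; not code from the ACF Extended plugin).
 * Shows the control whose absence CVE-2025-14533 describes: a role supplied
 * through a form field must never be passed to wp_insert_user() unchecked.
 */

// Roles a visitor may self-assign during registration (hypothetical allowlist).
// 'administrator' and other privileged roles are deliberately absent.
const ACFE_DEMO_SELF_REGISTER_ROLES = array( 'subscriber' );

/**
 * Resolve the role to assign from an untrusted form value.
 * Anything outside the allowlist collapses to the site's configured default role.
 */
function acfe_demo_resolve_role( $requested_role ) {
    $role = sanitize_key( (string) $requested_role );
    if ( in_array( $role, ACFE_DEMO_SELF_REGISTER_ROLES, true ) ) {
        return $role;
    }
    // Record the rejected value: repeated requests for 'administrator' from
    // unauthenticated visitors are a useful detection signal in the site log.
    error_log( sprintf( 'acfe-demo: rejected self-registration role "%s"', $role ) );
    return get_option( 'default_role', 'subscriber' );
}

/**
 * Create the user from a form payload (hypothetical keys: user_login, user_email,
 * user_pass, role). Returns the new user ID or a WP_Error.
 */
function acfe_demo_safe_register( array $form ) {
    $userdata = array(
        'user_login' => sanitize_user( $form['user_login'] ?? '', true ),
        'user_email' => sanitize_email( $form['user_email'] ?? '' ),
        'user_pass'  => $form['user_pass'] ?? wp_generate_password( 24 ),
        // The unsafe pattern is 'role' => $form['role']; the resolver below
        // guarantees the stored role is one the site chose to allow.
        'role'       => acfe_demo_resolve_role( $form['role'] ?? '' ),
    );

    if ( '' === $userdata['user_login'] || ! is_email( $userdata['user_email'] ) ) {
        return new WP_Error( 'acfe_demo_invalid', 'Missing or invalid login or email.' );
    }

    return wp_insert_user( $userdata );
}
```

If a form legitimately needs to offer several roles, the allowlist is the one place to widen it; privileged roles such as `administrator` should still only ever be granted by an already-privileged user.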

Status: Published | Reserved 2025-12-11 | Published 2026-01-20 | Updated 2026-01-20 | Assigner: Wordfence

Severity: CRITICAL 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-269 Improper Privilege Management

Product status

Default status: unaffected

Versions: * (semver): affected

Timeline

2025-12-11: Vendor notified
2026-01-19: Disclosed

Credits

Andrea Bocchetti (finder)

References

www.wordfence.com/...-3525-4b00-afa8-a908250cc838?source=cve

plugins.trac.wordpress.org/...rm/module-form-action-user.php

plugins.trac.wordpress.org/...es/fields/field-user-roles.php

plugins.trac.wordpress.org/...rm/module-form-action-user.php

cve.org (CVE-2025-14533)

nvd.nist.gov (CVE-2025-14533)