CVE-2026-14482
Received Received - Intake

Privilege Escalation in 多说社会化评论框 WordPress Plugin

Vulnerability report for CVE-2026-14482, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: Wordfence

Description

The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an always-empty WordPress option, which allows the endpoint's `update_option` handler to pass attacker-controlled `option` and `value` parameters directly to WordPress's `update_option` function without any allowlist or sanitization. This makes it possible for unauthenticated attackers to update arbitrary WordPress options — such as setting `default_role` to `administrator` and enabling open registration — and subsequently register an account with full administrator privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
duoshuo duoshuo_social_comment_box to 1.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The 多说社会化评论框 plugin for WordPress has a privilege escalation vulnerability in all versions up to and including 1.2. This occurs because an API endpoint lacks proper capability and nonce checks, and uses a weak HMAC-SHA1 signature based on an always-empty WordPress option. This flaw allows unauthenticated attackers to send crafted requests to the endpoint's update_option handler, which then updates arbitrary WordPress options without any validation or sanitization.

As a result, attackers can change critical settings such as setting the default user role to administrator and enabling open registration, allowing them to create accounts with full administrator privileges.

Impact Analysis

This vulnerability can have severe impacts because it allows unauthenticated attackers to gain full administrator access to a WordPress site by manipulating site options.

  • Attackers can set the default user role to administrator.
  • Attackers can enable open registration to create administrator accounts.
  • Full administrator privileges allow attackers to control the entire WordPress site, potentially leading to data theft, site defacement, or further compromise.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14482. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart