{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14866", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-18T01:55:21.873Z", "datePublished": "2026-01-23T12:26:59.342Z", "dateUpdated": "2026-04-08T16:33:17.740Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:33:17.740Z"}, "affected": [{"vendor": "melapress", "product": "Melapress Role Editor", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary_roles_field' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to assign themselves additional roles including Administrator."}], "title": "Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0509aaf1-8aae-42e5-84d3-ea9b431703f3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/melapress-role-editor/tags/1.1.0/classes/admin/ajax/class-admin-ajax.php"}, {"url": "https://plugins.trac.wordpress.org/browser/melapress-role-editor/tags/1.1.0/classes/admin/additional-form-fields/class-user-profile.php#L103"}, {"url": "https://plugins.trac.wordpress.org/changeset/3439348/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-863 Incorrect Authorization", "cweId": "CWE-863", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Sarawut Poolkhet"}], "timeline": [{"time": "2025-12-18T02:10:40.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-22T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T14:13:34.648019Z", "id": "CVE-2025-14866", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T14:13:51.954Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14866", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-23T14:13:34.648019Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T14:13:46.844Z"}}], "cna": {"title": "Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment", "credits": [{"lang": "en", "type": "finder", "value": "Sarawut Poolkhet"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "melapress", "product": "Melapress Role Editor", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-18T02:10:40.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-22T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0509aaf1-8aae-42e5-84d3-ea9b431703f3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/melapress-role-editor/tags/1.1.0/classes/admin/ajax/class-admin-ajax.php"}, {"url": "https://plugins.trac.wordpress.org/browser/melapress-role-editor/tags/1.1.0/classes/admin/additional-form-fields/class-user-profile.php#L103"}, {"url": "https://plugins.trac.wordpress.org/changeset/3439348/"}], "descriptions": [{"lang": "en", "value": "The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary_roles_field' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to assign themselves additional roles including Administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:33:17.740Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14866", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:33:17.740Z", "dateReserved": "2025-12-18T01:55:21.873Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-23T12:26:59.342Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary_roles_field' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to assign themselves additional roles including Administrator."}, {"lang": "es", "value": "El plugin Melapress Role Editor para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.1.1, inclusive. Esto se debe a una verificaci\u00f3n de capacidad mal configurada en la funci\u00f3n 'save_secondary_roles_field'. Esto permite que atacantes autenticados, con acceso de nivel Suscriptor o superior, se asignen roles adicionales, incluido el de Administrador."}], "id": "CVE-2025-14866", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-23T13:15:47.983", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/melapress-role-editor/tags/1.1.0/classes/admin/additional-form-fields/class-user-profile.php#L103"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/melapress-role-editor/tags/1.1.0/classes/admin/ajax/class-admin-ajax.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3439348/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0509aaf1-8aae-42e5-84d3-ea9b431703f3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T20:08:11.254525+00:00", "value": {"mitigation_remediation": ["Update the Melapress Role Editor plugin to the latest version that contains the proper capability check.", "If an update is unavailable, prevent the vulnerable function from executing by disabling the secondary role assignment feature, such as by removing or commenting out the relevant code or plugin settings.", "Ensure that no Subscriber or lower\u2011privileged users have been granted Administrator privileges; revoke any unexpected roles and review the site\u2019s user list."], "summary": {"action": "Patch", "impact": "Privilege Escalation via Improper Authorization"}, "threat_synthesis": {"affected_systems": "All installations of the Melapress Role Editor plugin running versions 1.1.1 or earlier are vulnerable. Any WordPress site that has installed or downloaded the plugin in these or earlier releases is affected.", "description_and_impact": "The Melapress Role Editor plugin for WordPress is vulnerable because the function responsible for saving secondary roles performs an incorrect capability check. An authenticated user with a Subscriber role or higher can exploit this flaw to assign themselves additional roles, including Administrator. This elevation of privilege allows the attacker to execute any action available to an Administrator, compromising the confidentiality, integrity, and availability of the entire WordPress site. The flaw is categorized as a weak authority check, corresponding to CWE-863.", "risk_and_exploitability": "The CVSS base score of 8.8 indicates high severity. The EPSS score is less than 1\u202f%, suggesting that actual exploitation attempts are currently rare or undocumented. The vulnerability is not listed in the CISA KEV catalog. Because the flaw requires the attacker to be authenticated, the attack vector is local to the WordPress admin interface; an attacker can trigger the escalation simply by accessing the secondary role assignment UI from their account."}}}}, "created": "2026-01-26T11:54:29.481591+00:00", "updated": "2026-04-22T20:15:20.530020+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}