{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2941", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-21T15:31:58.495Z", "datePublished": "2026-03-21T03:26:33.337Z", "dateUpdated": "2026-04-08T16:34:57.712Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:57.712Z"}, "affected": [{"vendor": "plugli", "product": "Linksy Search and Replace", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update any database table, any value, including the wp_capabilities database field, which allows attackers to change their own role to administrator, which leads to privilege escalation."}], "title": "Linksy Search and Replace <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0bf117e2-9e59-4028-b77f-7fce2e7174f3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/linksy-search-and-replace/tags/1.0.4/inc/Admin/Partials/SearchAndReplace/AjaxActions.php#L197"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "timeline": [{"time": "2026-03-20T14:38:04.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T18:13:40.054364Z", "id": "CVE-2026-2941", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T18:14:21.030Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2941", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T18:13:40.054364Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T18:14:03.816Z"}}], "cna": {"title": "Linksy Search and Replace <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "plugli", "product": "Linksy Search and Replace", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-20T14:38:04.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0bf117e2-9e59-4028-b77f-7fce2e7174f3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/linksy-search-and-replace/tags/1.0.4/inc/Admin/Partials/SearchAndReplace/AjaxActions.php#L197"}], "descriptions": [{"lang": "en", "value": "The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update any database table, any value, including the wp_capabilities database field, which allows attackers to change their own role to administrator, which leads to privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:57.712Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2941", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:34:57.712Z", "dateReserved": "2026-02-21T15:31:58.495Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-21T03:26:33.337Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update any database table, any value, including the wp_capabilities database field, which allows attackers to change their own role to administrator, which leads to privilege escalation."}, {"lang": "es", "value": "El plugin Linksy Search and Replace para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'linksy_search_and_replace_item_details' en todas las versiones hasta la 1.0.4, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen cualquier tabla de base de datos, cualquier valor, incluyendo el campo de base de datos wp_capabilities, lo que permite a los atacantes cambiar su propio rol a administrador, lo que lleva a la escalada de privilegios."}], "id": "CVE-2026-2941", "lastModified": "2026-04-24T16:27:44.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-21T04:17:13.620", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/linksy-search-and-replace/tags/1.0.4/inc/Admin/Partials/SearchAndReplace/AjaxActions.php#L197"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0bf117e2-9e59-4028-b77f-7fce2e7174f3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Linksy Search and Replace", "source": "cna", "vendor": "plugli"}, "product": "linksy_search_and_replace", "vendor": "plugli"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-21T06:40:55.425865+00:00", "value": {"mitigation_remediation": ["Update the Linksy Search and Replace plugin to the latest available version that resolves the missing capability check.", "Disable or remove the plugin if an update is not available and no workaround exists.", "Review user roles and remove any unintended subscriber\u2011level access to minimize the window of opportunity for exploitation."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Linksy Search and Replace plugin version 1.0.4 and all prior versions. WordPress sites that have this plugin installed and are running a version where this function is unprotected are at risk. The issue is limited to the plugin, but its impact is system-wide because it permits modifications to any database entry.", "description_and_impact": "The Linksy Search and Replace WordPress plugin contains a missing capability check in the 'linksy_search_and_replace_item_details' function. This omission allows authenticated users with subscriber-level access or higher to execute arbitrary updates on any database table, including sensitive fields such as 'wp_capabilities'. An attacker can modify role assignments to elevate their own privileges to administrator, effectively bypassing normal access controls and gaining full control of the site.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity. No EPSS data is available, and the flaw is not listed in CISA\u2019s KEV catalog. The attack requires authentication as a subscriber or higher, making it a local\u2011authenticated threat vector. Once exploited, the attacker achieves privilege escalation, enabling control over site content, settings, and potentially other plugins."}}}}, "created": "2026-03-23T09:51:01.246274+00:00", "updated": "2026-03-25T14:42:36.505598+00:00", "vendors": ["plugli", "plugli$PRODUCT$linksy_search_and_replace", "wordpress", "wordpress$PRODUCT$wordpress"]}