Unrated severityNVD Advisory· Published Jun 22, 2026

Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation

CVE-2026-8157

Description

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Vitepos Litellm-create
Range: <3.4.2
Package: https://wordpress.org/plugins/vitepos-lite

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/6680cc6a-9758-4040-bb39-7b9545041dc3/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000