VYPR

Simple User Capabilities

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-12158CriNov 4, 2025
    risk 0.64cvss 9.8epss 0.00

    The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role…

  • CVE-2025-12157MedNov 4, 2025
    risk 0.34cvss 5.3epss 0.00

    The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_reset_capability' AJAX endpoint in all versions up to, and including, 1.0. This makes it possible for unauthenticated…