Platform
wordpress
Component
toret-manager
Fixed in
1.2.8
CVE-2026-0912 is a privilege escalation vulnerability discovered in the Toret Manager WordPress plugin. This flaw allows authenticated attackers with Subscriber-level access or higher to modify arbitrary WordPress options, potentially leading to unauthorized administrative control. The vulnerability impacts versions 1.0.0 through 1.2.7, and a fix is available in version 1.3.0.
The core of this vulnerability lies in the absence of proper capability checks within the trmansaveoption and trmansaveoption_items functions. This allows authenticated users, even those with limited privileges like Subscriber, to bypass intended restrictions and directly manipulate WordPress configuration options. A malicious actor could leverage this to change the default user role for new registrations to 'administrator,' effectively granting themselves full control over the WordPress site upon a new user's creation. The potential blast radius extends to any site utilizing the vulnerable plugin version, making it a significant risk for WordPress deployments.
CVE-2026-0912 was publicly disclosed on 2026-02-19. Currently, there are no known public proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog as of this writing. Given the relatively straightforward nature of the exploitation path (modifying WordPress options), it is reasonable to assume that it could become a target for opportunistic attackers.
WordPress sites using the Toret Manager plugin are affected, particularly those with Subscriber-level users or open user registration. Shared hosting environments where multiple WordPress installations share the same server resources are also at increased risk, as a compromise of one site could potentially lead to lateral movement to others.
• wordpress / plugin: List installed plugins and check for the component: wp plugin list | grep toret-manager
• wordpress / plugin: Check the plugin version in the WordPress admin dashboard under Plugins.
• wordpress / plugin: Examine the trmansaveoption and trmansaveoption_items functions in the plugin's code for missing capability checks.
• wordpress / plugin: Monitor WordPress logs for suspicious activity related to option updates, particularly changes to the default user role.
• wordpress / plugin: Use wp-cli to update outdated plugins: wp plugin update --all
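The checks listed above, combined into one triage script as an added example (it is not from the advisory or from the plugin's authors). It assumes WP-CLI is installed and the script runs from the WordPress root; the affected version range and the default_role option are the ones the advisory names.

```shell
#!/bin/sh
# Added triage helper for CVE-2026-0912 (not the advisory's or the plugin's own code).
# Assumes WP-CLI ("wp") is available and the script runs from the WordPress root;
# the version range and the option name below are taken from the advisory text.

AFFECTED_MIN="1.0.0"
AFFECTED_MAX="1.2.7"

# version_le A B: succeeds when dotted version A <= B (each part compared numerically)
version_le() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 0
  }'
}

# is_affected_version V: succeeds when V lies inside the advisory's affected range
is_affected_version() {
  version_le "$AFFECTED_MIN" "$1" && version_le "$1" "$AFFECTED_MAX"
}

# default_role_needs_review ROLE: succeeds when new registrations would receive
# anything other than the stock 'subscriber' role (the state an option-tampering
# attack leaves behind); an empty value means the lookup failed and is ignored
default_role_needs_review() {
  case "$1" in
    subscriber|"") return 1 ;;
    *) return 0 ;;
  esac
}

# Live checks, only run when WP-CLI is present on this host
if command -v wp >/dev/null 2>&1; then
  ver=$(wp plugin get toret-manager --field=version 2>/dev/null || echo "")
  if [ -n "$ver" ] && is_affected_version "$ver"; then
    echo "toret-manager $ver is in the affected range; update to 1.3.0 or later"
  fi
  role=$(wp option get default_role 2>/dev/null || echo "")
  if default_role_needs_review "$role"; then
    echo "default_role is '$role'; review recent registrations and reset the option"
  fi
fi
```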
Disclosure
Exploit status
EPSS
0.05% (15th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade the Toret Manager plugin to version 1.3.0 or later, which includes the necessary capability checks. If upgrading is not immediately feasible due to compatibility concerns or breaking changes, consider restricting access to the plugin’s configuration options using a WordPress security plugin or custom code. Implement stricter user role assignments and regularly audit user permissions to detect any unauthorized changes. Monitor WordPress logs for suspicious activity related to option modifications, specifically targeting the trmansaveoption function.
Update to version 1.3.0 or a newer patched version
CVE-2026-0912 is a vulnerability in the Toret Manager WordPress plugin that allows authenticated users to escalate privileges by modifying WordPress options, potentially gaining administrative access.
You are affected if you are using Toret Manager versions 1.0.0 through 1.2.7. Upgrade to version 1.3.0 or later to resolve the issue.
Upgrade the Toret Manager plugin to version 1.3.0 or later. If upgrading is not possible, restrict access to the plugin's settings pages.
There are currently no known public exploits, but exploitation is possible given the vulnerability's nature.
Refer to the plugin developer's website or WordPress.org plugin page for updates and advisories related to CVE-2026-0912.