Primary

Context

Vehica Core WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Vehica Core plugin for WordPress, specifically in versions through 1.0.97. The issue arises because the plugin fails to properly validate user meta fields before updating them in the database. This flaw allows authenticated attackers with Subscriber-level access or higher to escalate their privileges to Administrator.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users with lower access rights to gain administrative privileges.

Remediation

Users are advised to update the Vehica Core plugin to version 1.0.98 or a newer patched version.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vehica Core WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating