Vvveb Privilege Escalation Vulnerability in Admin User Profile Save Endpoint

Vulnerability

A privilege escalation vulnerability has been identified in Vvveb versions prior to 1.0.8.1. This vulnerability allows authenticated users to modify privileged fields in their own admin user profiles. By injecting a specific role_id into profile save requests, users can escalate their privileges to Super Administrator level. This elevated access enables them to upload plugins, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation to Super Administrator rights, including the ability to upload plugins that could execute malicious code remotely.

Remediation

Users can update to Vvveb version 1.0.8.1 or later, where this vulnerability has been fixed.
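For operators and developers reviewing similar self-service endpoints, the sketch below shows the server-side control this class of bug lacks: an allowlist of fields a user may change on their own profile, with the role always taken from the server-side record. It is an added example, not Vvveb's code or its actual fix. Vvveb is a PHP project, so it is written in PHP; the field names other than role_id (admin_id, display_name and so on), the function names and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Fields a user may change on their own profile (assumed names, not Vvveb's schema).
const SELF_EDITABLE_FIELDS = ['first_name', 'last_name', 'email', 'display_name'];

/**
 * Split a submitted profile payload into the fields that may be saved
 * and the names of the fields that were rejected (role_id, status, ...).
 */
function filterProfileUpdate(array $submitted): array
{
    $allowed  = array_intersect_key($submitted, array_flip(SELF_EDITABLE_FIELDS));
    $rejected = array_keys(array_diff_key($submitted, $allowed));
    return ['save' => $allowed, 'rejected' => $rejected];
}

/**
 * Save handler for "edit my own profile" (hypothetical). The role and the
 * account id are never read from the request.
 */
function saveOwnProfile(array $currentUser, array $submitted, callable $audit): array
{
    $result = filterProfileUpdate($submitted);
    if ($result['rejected'] !== []) {
        // Privileged or unknown fields in a self-service request are worth alerting on.
        // json_encode keeps request-controlled field names from breaking the log line.
        $audit(sprintf('profile save by admin_id=%d carried non-editable fields: %s',
            $currentUser['admin_id'], json_encode($result['rejected'])));
    }
    // Identity and role come from the server-side record only.
    return array_merge($currentUser, $result['save'], [
        'admin_id' => $currentUser['admin_id'],
        'role_id'  => $currentUser['role_id'],
    ]);
}

// Constructed sample input: a non-super-admin account (role_id 3 is a made-up value)
// submits a profile update that also carries a role_id field.
$user    = ['admin_id' => 7, 'role_id' => 3, 'email' => 'editor@example.test'];
$request = ['email' => 'new@example.test', 'role_id' => '1', 'display_name' => 'Ed'];
$log     = [];
$saved   = saveOwnProfile($user, $request, function (string $m) use (&$log) { $log[] = $m; });

var_dump($saved['role_id'] === 3, $saved['email'] === 'new@example.test', count($log) === 1);
```

Role changes belong in a separate administrative action gated on the caller's own permissions, and the audit line gives a log entry to alert on when a profile save carries fields it should not.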

Added: Apr 20, 2026, 4:39 PM
Updated: Apr 20, 2026, 4:39 PM

Vulnerability Rating

Custom Algorithm

spread:          0.0
impact:          5.0
exploitability:  5.9
remediation:     0.0
relevance:       6.4
threat:          3.2
urgency:         2.9
incentive:       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.