Barcode Scanner WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Barcode Scanner WordPress plugin, specifically in versions through 1.11.0. The issue arises from insecure token-based authentication, where the plugin improperly trusts user-supplied Base64-encoded user IDs in the token parameter. This flaw allows unauthenticated attackers to spoof admin user IDs, leak valid authentication tokens, and then use those tokens to gain administrative privileges by modifying user capabilities.
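A defender can review access logs for the pattern described above: `token` values that are nothing more than a Base64-encoded numeric user ID. The Python below is an added example, not code from the plugin or from this advisory. The combined log format, the `/example-endpoint` path and the sample lines are constructed, and it assumes that legitimate tokens never decode to a bare decimal number and that the token travels in the query string.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed log format: Apache/nginx "combined"; only client IP and request line are used.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; /example-endpoint is a placeholder, not the plugin's real route.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Apr/2026:00:10:01 +0000] "GET /example-endpoint?token=MQ== HTTP/1.1" 200 512',
    '198.51.100.4 - - [16/Apr/2026:00:10:05 +0000] "GET /example-endpoint?token=9f2c4e1ab07d4c55a1e3 HTTP/1.1" 200 498',
    '203.0.113.7 - - [16/Apr/2026:00:10:09 +0000] "POST /example-endpoint?token=MTI%3D HTTP/1.1" 200 77',
    '198.51.100.9 - - [16/Apr/2026:00:11:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]


def decode_numeric_id(token):
    """Return the integer a token decodes to if it is Base64 of ASCII digits, else None."""
    token = token.replace("-", "+").replace("_", "/")   # accept the URL-safe alphabet
    padded = token + "=" * (-len(token) % 4)            # tolerate stripped padding
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    # A bare user ID is a short run of ASCII digits and nothing else.
    if raw.isdigit() and len(raw) <= 10:
        return int(raw)
    return None


def find_numeric_id_tokens(log_lines):
    """Return (client_ip, path, user_id) for requests whose `token` is a bare encoded ID."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "token":
                user_id = decode_numeric_id(value)
                if user_id is not None:
                    hits.append((m.group("ip"), url.path, user_id))
    return hits


if __name__ == "__main__":
    for ip, path, uid in find_numeric_id_tokens(SAMPLE_LOG):
        print(f"{ip} sent a token that decodes to user ID {uid} on {path}")
```

Hits from before the upgrade to 1.12.0 are a reason to review administrator accounts and user capability changes on the site.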

Impact

Exploitation of this vulnerability allows unauthenticated users to gain administrative privileges on the WordPress site.

Remediation

Users are advised to update the Barcode Scanner WordPress plugin to version 1.12.0 or later.

Added: Apr 16, 2026, 12:23 AM
Updated: Apr 16, 2026, 12:23 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 6.0
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.