๐Ÿ” CVE Alert

CVE-2026-12525

UNKNOWN 0.0

Redux Framework < 4.5.13 - Subscriber+ Privilege Escalation to Administrator

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the Redux Framework WordPress plugin before 4.5.13's user-profile (Users extension) feature is enabled.

Vendor unknown
Product redux framework
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for unknown redux framework

Be the first to know when new unknown vulnerabilities affecting unknown redux framework are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Redux Framework
0 < 4.5.13

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/11d5d4c2-7ba9-4389-9050-28c90920e34b/

Credits

Jakub Herman WPScan