CVE-2026-12525
Redux Framework < 4.5.13 - Subscriber+ Privilege Escalation to Administrator
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the Redux Framework WordPress plugin before 4.5.13's user-profile (Users extension) feature is enabled.
| Vendor | unknown |
| Product | redux framework |
| Published | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown redux framework
Be the first to know when new unknown vulnerabilities affecting unknown redux framework are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Redux Framework
0 < 4.5.13
References
Credits
Jakub Herman WPScan