CVE-2026-1994 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the pl…
Critical CVSS: 9.8

CVE-2026-1994

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Vendor
-
Product
-
CWE
CWE-269
Yayın Tarihi
2026-02-19 07:17:44
Güncelleme
2026-02-19 15:52:39
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-269 CRITICAL 2026

Referanslar

https://plugins.trac.wordpress.org/browser/s2member/tags/260127/src/includes/classes/registrations.inc.php#L74 https://plugins.trac.wordpress.org/changeset/3461625/s2member#file5 https://www.wordfence.com/threat-intel/vulnerabilities/id/6c31cf92-26b7-484d-8c93-ce241d655d07?source=cve