Vulnerability Brief

CVE-2026-8157

What this means for your business

A security vulnerability in the Vitepos WordPress plugin means that an attacker could gain control over your website by taking advantage of a flaw in how user roles are handled. This could allow them to access sensitive areas of your site, make changes without your permission, and even delete important data. If left unpatched, this vulnerability could put your business at risk of data loss, reputation damage, and other serious consequences.

  • Severity: HIGH
  • CVSS score: 8.8

Technical summary

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos role to escalate privileges to administrator.
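
The control that is missing in this class of bug is a server-side allow-list on the role parameter. The sketch below is an added example, not Vitepos code: the route namespace, function names and role slugs are hypothetical, and it assumes a standard WordPress install where the core `create_users` capability gates user creation.

```php
<?php
// Added example (not the plugin's code). Route, function and role names are hypothetical.

// The only roles this endpoint may ever assign, whatever the request asks for.
const EXAMPLE_POS_ASSIGNABLE_ROLES = array( 'example_cashier', 'example_outlet_manager' );

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-pos/v1', '/users', array(
        'methods'             => 'POST',
        'callback'            => 'example_pos_create_user',
        // Authorization: caller must hold the core capability for creating users.
        'permission_callback' => function () {
            return current_user_can( 'create_users' );
        },
    ) );
} );

function example_pos_create_user( WP_REST_Request $request ) {
    $role = (string) $request->get_param( 'role' );

    // Strict allow-list check: 'administrator' or any other slug outside the
    // list is refused before any user record is written.
    if ( ! in_array( $role, EXAMPLE_POS_ASSIGNABLE_ROLES, true ) ) {
        return new WP_Error(
            'example_pos_role_forbidden',
            'This role cannot be assigned through this endpoint.',
            array( 'status' => 403 )
        );
    }

    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( (string) $request->get_param( 'username' ), true ),
        'user_email' => sanitize_email( (string) $request->get_param( 'email' ) ),
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => $role, // validated above, never passed through raw
    ) );

    // wp_insert_user() returns a WP_Error on failure (duplicate login, empty data, ...).
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }

    return new WP_REST_Response( array( 'id' => $user_id, 'role' => $role ), 201 );
}
```

The capability check and the role allow-list are separate controls: the first decides who may create users at all, the second bounds what any such caller can grant.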