CVE-2026-7641 - Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields
CVE ID :CVE-2026-7641 Published : May 2, 2026, 5:16 a.m. | 51 minutes ago Description :The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. This is due
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Data thieft: A 15-year-old minor arrested
- [CYBER] From Prompt to Production: AYW Workflow Case Study
- [CYBER] Energy Security for “The Africa We Want”: Turning a Global Shock into a Continental Reset
- [CYBER] CVE-2026-6229 - Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter
- [CYBER] CVE-2026-6457 - Geo Mashup <= 1.13.19 - Authenticated (Subscriber+) SQL Injection via 'geo_mashup_null_fields' Parameter
- [CYBER] CVE-2026-6449 - Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint