Private Content <= 9.9.2 - Unauthenticated Privilege Escalation

2026-07-01 00:00
0xd4rk5id3

Strategic Overview

Status
Unpatched
Affected PluginPrivate Content
Affected Version<= 9.9.2
CVSS9.8Critical
CVECVE-2026-57692
View all Private Content vulnerabilities

Vulnerability Overview

The Private Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.9.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

Technical Analysis

REMEDIATION: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement. --- IDENTIFIER: CWE-269 (Improper Privilege Management) The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

External References

Vulnerability data © Defiant, Inc., provided under the Wordfence Intelligence T&C

Private Content <= 9.9.2 - Unauthenticated Privilege Escalation (CVE-2026-57692)