Private Content <= 9.9.2 - Unauthenticated Privilege Escalation
2026-07-01 00:00
0xd4rk5id3Strategic Overview
StatusUnpatched
Affected PluginPrivate Content
Affected Version
<= 9.9.2CVSS9.8Critical
CVE
CVE-2026-57692Vulnerability Overview
The Private Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.9.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
Technical Analysis
REMEDIATION: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement. --- IDENTIFIER: CWE-269 (Improper Privilege Management) The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
External References
Vulnerability data © Defiant, Inc., provided under the Wordfence Intelligence T&C