What is CVE-2026-8157?

CVE-2026-8157 is a high-severity vulnerability in Vitepos, classified under Improper Privilege Management. CVSS score: 8.8/10. Published 2026-06-22.

How severe is CVE-2026-8157?

High severity. CVSS v3 base score is 8.8 out of 10.

Privilege escalation in Vitepos

CVE-2026-8157

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4…

Vulnerability class: Privilege Escalation

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Unknown Vitepos — versions 0

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

contact@wpscan.com (technical-description, exploit, vdb-entry)

Frequently asked questions

What is CVE-2026-8157?: CVE-2026-8157 is a high-severity vulnerability in Vitepos, classified under Improper Privilege Management. CVSS score: 8.8/10. Published 2026-06-22.
How severe is CVE-2026-8157?: High severity. CVSS v3 base score is 8.8 out of 10.