WordPress Plugin Vulnerability: Privilege Escalation through Logic Error

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

WordPress Plugin Vulnerability: Privilege Escalation through Logic Error

CVE-2026-0026

Summary

A flaw in the WordPress Permission Manager plugin allows an attacker to gain elevated system permissions without extra rights. To protect your site, update the plugin to the latest version or remove it if possible. Ensure users with administrative access are aware of this vulnerability and take necessary precautions.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
google	android	14.0	–

Original title

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privile...

Original description

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

nvd CVSS3.1 7.8

Vulnerability type

CWE-862 Missing Authorization

https://source.android.com/docs/security/bulletin/2026/2026-03-01

Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026