Cyber Resilience

CVE-2026-0912

High

Published: 19 February 2026

Published
19 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0029 20.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-0912 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Wordpress (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-0912 affects the Toret Manager plugin for WordPress in all versions up to and including 1.2.7. The vulnerability stems from missing capability checks in the 'trman_save_option' and 'trman_save_option_items' functions within the plugin's admin class, enabling unauthorized modification of data that leads to privilege escalation. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management).

Authenticated attackers with Subscriber-level access or higher can exploit this issue remotely with low complexity and no user interaction required. By updating arbitrary WordPress options, they can, for example, change the default role for new user registrations to administrator and enable user registration, allowing them to create accounts with full administrative access to the site.

References point to the vulnerable code in the plugin's admin class at lines 210 and 227 of class-toret-manager-admin.php in version 1.2.7, a changeset 3464839 in the WordPress plugin repository indicating a patch, and a Wordfence threat intelligence advisory detailing the issue.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versions up to, and including,…

more

1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Missing capability checks enable authenticated users to modify arbitrary options for privilege escalation to admin.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23896Shared CWE-269
CVE-2025-27639Shared CWE-269
CVE-2025-8899Shared CWE-269
CVE-2025-26705Shared CWE-269
CVE-2015-10139Shared CWE-269
CVE-2026-8972Shared CWE-269
CVE-2025-0893Shared CWE-269
CVE-2026-6769Shared CWE-269
CVE-2025-2858Shared CWE-269
CVE-2025-48613Shared CWE-269

Affected Assets

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least privilege to prevent Subscriber-level users from performing unauthorized option modifications that enable privilege escalation.

prevent

Requires enforcement of approved access authorizations, directly addressing the missing capability checks in the plugin's trman_save_option functions.

prevent

Mandates timely identification, reporting, and correction of flaws like the missing capability checks patched in the plugin update.

References