2025-12-20 06:22:02
Wordfence
PUBLISHED
The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This is due to the fsUserHandle::signup and the fsSellerRole::add_role_seller functions not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the administrator role during registration and gain administrator access to the site. Note: The vulnerability can be exploited with the fs_type parameter if the Flex Store Seller plugin is also activated.