Description
Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation. This issue affects Goodlayers Core: from n/a through < 2.1.7.
Published: 2025-10-22
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from an Incorrect Privilege Assignment flaw in the GoodLayers Core WordPress plugin. The flaw allows an attacker to elevate privileges beyond what is intended for a given user, compromising the integrity of the site and control over it. This type of weakness is classified as CWE-266 (Incorrect Privilege Assignment).

Affected Systems

GoodLayers Core plugin for WordPress is affected. All versions earlier than 2.1.7 are vulnerable; no sub‑version granularity is provided beyond the upper bound of 2.1.7.

Risk and Exploitability

The CVSS score of 8.8 identifies the flaw as high severity. The EPSS score of less than 1% indicates a low likelihood of exploitation at present. The vulnerability does not appear in the CISA KEV catalog. The likely attack vector involves interacting with the plugin from within the WordPress environment, such as a user account with access to the plugin’s settings, but the CVE description does not specify the exact method of exploitation.

Generated by OpenCVE AI on April 29, 2026 at 20:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the GoodLayers Core plugin to version 2.1.7 or later.
  • Verify that only authorized users retain elevated privileges in WordPress and review any custom role assignments.
  • Monitor WordPress logs for unexpected changes to user capabilities and enforce the principle of least privilege.

Advisories

No advisories yet.

History

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Thu, 23 Oct 2025 15:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 23 Oct 2025 10:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  Goodlayers
  Goodlayers goodlayers Core
  Wordpress
  Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added:
  Goodlayers
  Goodlayers goodlayers Core
  Wordpress
  Wordpress wordpress

Wed, 22 Oct 2025 14:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation. This issue affects Goodlayers Core: from n/a through < 2.1.7.

Type: Title
Values Removed: (none)
Values Added: WordPress Goodlayers Core plugin < 2.1.7 - Privilege Escalation vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-266

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T20:20:34.777Z

Reserved: 2025-09-17T18:01:11.731Z

Link: CVE-2025-59580

Vulnrichment

Updated: 2025-10-23T15:02:36.840Z

NVD

Status: Deferred

Published: 2025-10-22T15:15:56.287

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-59580

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T21:00:09Z
