Description
The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Published: 2026-02-19
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Upgrade Plugin
AI Analysis

Impact

The Toret Manager plugin for WordPress lacks a capability check in the trman_save_option and trman_save_option_items functions. This omission allows an authenticated user with Subscriber-level permissions or higher to modify any of the plugin’s options. An attacker could alter critical settings such as the default registration role or enable user registration, thereby creating new administrator accounts or otherwise elevating privileges on a compromised site.

Affected Systems

WordPress sites running the Toret Manager plugin version 1.2.7 or earlier are affected. The vulnerability applies to all product releases up to and including 1.2.7 as listed by the CNA.

Risk and Exploitability

The flaw carries a CVSS score of 8.8 (High) and an EPSS exploitation probability below 1 percent (Very Low). The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires an authenticated session (Subscriber-level or higher); from such a session, AJAX requests to the vulnerable endpoints are enough to change options. Successful exploitation could immediately grant administrator privileges or facilitate further compromise of the WordPress installation.

Generated by OpenCVE AI on April 15, 2026 at 20:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Toret Manager plugin to a version newer than 1.2.7 where the capability check has been restored.
  • If an immediate upgrade is not possible, disable or restrict the AJAX endpoints that allow option changes until a patch is applied.
  • After applying the fix, review the site’s user roles and disable automatic user registration if it is not required to prevent privilege escalation via new account creation.
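As an added illustration that is not Toret Manager's code and not the vendor's fix, the following hypothetical admin-ajax handler shows the missing-capability-check pattern described in the Impact section next to a hardened form of the same handler. Every name in it (demo_save_option, the nonce action, the demo_option_* option names) is invented for the example; WordPress functions such as check_ajax_referer, current_user_can and update_option are the real core APIs.

```php
<?php
// Added example, not the plugin's own code. All demo_* names are invented.

// BEFORE: every logged-in user can reach wp_ajax_* hooks, so a handler that
// writes whatever option name the request carries, with no capability check,
// lets a Subscriber set site-wide options such as default_role.
function demo_save_option_vulnerable() {
    $name  = sanitize_key( $_POST['option_name'] ?? '' );
    $value = wp_unslash( $_POST['option_value'] ?? '' );
    update_option( $name, $value );          // arbitrary option write
    wp_send_json_success();
}

// AFTER: nonce check, capability check, and an allowlist of option names.
function demo_save_option_fixed() {
    // Reject requests without a valid nonce for this action (CSRF protection).
    check_ajax_referer( 'demo_save_option', 'nonce' );

    // Reject any user who cannot manage options (Subscribers, Contributors, ...).
    // This is the check whose absence constitutes CWE-269 in the advisory.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // Only plugin-owned options may be written; core options such as
    // default_role and users_can_register are never reachable from here.
    $allowed = array( 'demo_option_color', 'demo_option_layout' );
    $name    = sanitize_key( $_POST['option_name'] ?? '' );
    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    $value = sanitize_text_field( wp_unslash( $_POST['option_value'] ?? '' ) );
    update_option( $name, $value );
    wp_send_json_success();
}

// Only the hardened handler is registered; the vulnerable one is shown for contrast.
add_action( 'wp_ajax_demo_save_option', 'demo_save_option_fixed' );
```

After upgrading, the third recommended action can be verified from WP-CLI with `wp option get default_role` (normally `subscriber`) and `wp option get users_can_register` (normally `0`); a site that shows `administrator` and `1` should be treated as already tampered with and its user list reviewed.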

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 17:45:00 +0000

Type: References
Values Removed / Values Added: (not shown)

Fri, 20 Feb 2026 10:15:00 +0000

Type: First Time appeared
Values Added: Toret; Toret toret Manager; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Toret; Toret toret Manager; Wordpress; Wordpress wordpress

Fri, 20 Feb 2026 01:15:00 +0000

Type: Metrics ssvc
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Feb 2026 05:00:00 +0000

Type: Description
Values Added: The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Type: Title
Values Added: Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions

Type: Weaknesses
Values Added: CWE-269

Type: References
Values Added: (not shown)

Type: Metrics cvssV3_1
Values Added: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:50:57.475Z

Reserved: 2026-01-13T18:41:22.149Z

Link: CVE-2026-0912

Vulnrichment

Updated: 2026-02-19T17:07:20.483Z

NVD

Status : Deferred

Published: 2026-02-19T07:17:42.323

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0912

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T20:30:13Z

Weaknesses