Description
The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `downgrade_jquery_version()` function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to downgrade the site-wide jQuery version from 3.7.1 to the legacy 1.12.4-wp release, which has known security vulnerabilities.
Published: 2026-05-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Enable jQuery Migrate Helper plugin for WordPress fails to verify user capabilities when calling the downgrade_jquery_version() function. The only check performed is a nonce, allowing any authenticated user with at least Subscriber access to trigger the downgrade of the site‑wide jQuery library from 3.7.1 to the legacy 1.12.4‑wp release. The older release contains known security vulnerabilities that could be exploited once loaded on the site, effectively weakening site security without requiring additional privilege escalation.
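As an added illustration of the CWE-862 pattern described above (this is example code, not the Enable jQuery Migrate Helper plugin's own source; the handler names, the `example_downgrade` action, the option name and the `update_plugins` capability are all assumptions), the first handler shows the vulnerable shape, where a nonce is the only gate, and the second shows the hardened shape, where the nonce guards against CSRF and a capability check provides the authorization that the advisory says is missing:

```php
<?php
// Added example: hypothetical WordPress admin-post handlers. This is NOT the
// plugin's actual code; every name below is an assumption for illustration.

// VULNERABLE shape. A nonce only proves the request originated from a page
// this same logged-in user loaded; it says nothing about whether that user
// is allowed to perform a site-wide change. Any authenticated role passes.
function example_downgrade_handler_vulnerable() {
    if ( ! isset( $_POST['_wpnonce'] )
        || ! wp_verify_nonce( $_POST['_wpnonce'], 'example_downgrade' ) ) {
        wp_die( 'Invalid nonce.', 403 );
    }
    // Missing here: any current_user_can() check (CWE-862).
    update_option( 'example_jquery_version', 'legacy' ); // assumed option name
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// HARDENED shape: authorization (capability) plus CSRF protection (nonce).
// 'update_plugins' is an assumed choice; use whatever capability matches the
// privilege the action really needs, never just "is logged in".
function example_downgrade_handler_hardened() {
    if ( ! current_user_can( 'update_plugins' ) ) {
        wp_die( 'You are not allowed to change the site jQuery version.', 403 );
    }
    // check_admin_referer() verifies the nonce and dies on failure.
    check_admin_referer( 'example_downgrade' );
    update_option( 'example_jquery_version', 'legacy' ); // assumed option name
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// Register the hardened handler for the (assumed) admin-post action name.
add_action( 'admin_post_example_downgrade', 'example_downgrade_handler_hardened' );
```

The point of the contrast is that `wp_verify_nonce()` / `check_admin_referer()` and `current_user_can()` answer different questions (is this request forged? and is this user permitted?), and a state-changing handler needs both. When reviewing a plugin for this class of issue, look for every `admin_post_*`, `wp_ajax_*` or REST callback that writes options or files and confirm a capability check sits on the same code path as the nonce check.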

Affected Systems

The vulnerability is present in clorith:Enable jQuery Migrate Helper versions up to and including 1.4.1, which is distributed as a WordPress plugin. All WordPress sites that have this plugin installed and an authenticated user role of Subscriber or higher are potentially affected.

Risk and Exploitability

The issue carries a CVSS score of 6.5, indicating a moderate severity. Because the exploit requires only authentication as a Subscriber (a common role), the likelihood of exploitation is significant in environments where such users exist. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. An attacker would reach the vulnerable function through the plugin’s downgrade endpoint after providing a valid nonce; the lack of capability checks means the action can be performed by anyone with Subscriber access.

Generated by OpenCVE AI on May 27, 2026 at 09:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Enable jQuery Migrate Helper to a version later than 1.4.1 that implements a proper capability check for downgrade_jquery_version()
  • If an upgrade is not possible, edit the plugin or use a filter to disable or remove the downgrade_jquery_version() function so that no user can trigger the downgrade
  • Restrict the ability of Subscriber-level users to run this action by removing the role or modifying WordPress capabilities so they cannot access the plugin’s downgrade endpoint

Advisories

No advisories yet.

History

Wed, 27 May 2026 11:15:00 +0000

Type: Metrics
Values removed: (none)
Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 08:00:00 +0000

Type: Description
Values removed: (none)
Values added: The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `downgrade_jquery_version()` function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to downgrade the site-wide jQuery version from 3.7.1 to the legacy 1.12.4-wp release, which has known security vulnerabilities.

Type: Title
Values removed: (none)
Values added: Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

Type: Weaknesses
Values removed: (none)
Values added: CWE-862

Type: References
Values removed: (none)
Values added: (none shown)

Type: Metrics
Values removed: (none)
Values added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-05-27T10:30:36.610Z

Reserved: 2026-02-26T16:20:26.575Z

Link: CVE-2026-3279

Vulnrichment

Updated: 2026-05-27T10:30:32.063Z

NVD

Status: Deferred

Published: 2026-05-27T08:16:40.573

Modified: 2026-05-27T14:50:47.627

Link: CVE-2026-3279

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T09:30:27Z

Weaknesses