Description
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.
Published: 2026-05-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an incorrect privilege assignment in the Saleswonder Team: Tobias WebinarIgnition plugin for WordPress, allowing attackers to elevate their permissions beyond intended limits. Such privilege escalation could give an adversary control over the WordPress site, compromising confidentiality, integrity, and availability of website data. The weakness is categorized as CWE‑266, improper elevation of privileges.

Affected Systems

Affected vendor and product: Saleswonder Team: Tobias WebinarIgnition plugin for WordPress. Any installation of this plugin using a version older than 4.08.253 is susceptible. WordPress sites that rely on the vulnerable plugin version are exposed to escalation risk.

Risk and Exploitability

The CVSS score of 9.8 classifies the issue as critical; the EPSS score is not reported and the vulnerability does not appear in CISA KEV. The description does not specify an attack vector or prerequisites, but since the plugin runs within WordPress, exploitation is likely delivered through web requests to the host site or administrative interfaces. Actual exploitation conditions are not detailed, so the threat remains high but the exact entry path is uncertain.

Generated by OpenCVE AI on May 27, 2026 at 13:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patched version of WebinarIgnition (4.08.253 or newer).
  • If an upgrade is not immediately possible, consider disabling the plugin or restricting its use to administrators.
  • Review and adjust role and capability assignments for users interacting with the plugin to ensure they align with intended privileges.

Generated by OpenCVE AI on May 27, 2026 at 13:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
Description Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.
Title WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-27T10:47:59.236Z

Reserved: 2026-04-29T09:05:35.592Z

Link: CVE-2026-42758

cve-icon Vulnrichment

Updated: 2026-05-27T10:47:54.151Z

cve-icon NVD

Status : Deferred

Published: 2026-05-27T11:16:22.330

Modified: 2026-05-27T14:50:47.627

Link: CVE-2026-42758

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T13:15:06Z

Weaknesses