Description
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authenticating the request as the WordPress user whose email is supplied in the `user_email` POST parameter without verifying ownership of that email (no Firebase ID token signature/issuer/audience verification). This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as an arbitrary existing user — including an Administrator — by submitting that user's email address to the `acb_firebase_auth` AJAX action, resulting in full account takeover.
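As an added illustration (not the plugin's own code), this is the shape a hardened `acb_firebase_auth` handler takes: the WordPress account is resolved from the `email` claim of a Firebase ID token whose signature, issuer, audience and expiry have been checked, instead of from the caller-supplied `user_email` parameter. It assumes the `firebase/php-jwt` library, a hypothetical constant `ACB_FIREBASE_PROJECT_ID`, an `id_token` POST field and a nonce field named `nonce`.

```php
<?php
// Added illustration, not the plugin's code. Assumes firebase/php-jwt and ACB_FIREBASE_PROJECT_ID.
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Google's public certificates for Firebase ID tokens, keyed by "kid".
function acb_firebase_signing_keys(): array {
    $resp = wp_remote_get(
        'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com'
    );
    if (is_wp_error($resp)) {
        return [];
    }
    $keys = [];
    foreach ((array) json_decode(wp_remote_retrieve_body($resp), true) as $kid => $pem) {
        $keys[$kid] = new Key($pem, 'RS256');
    }
    return $keys;
}

// Check signature, expiry, issuer and audience; return the claims or null.
function acb_verify_firebase_id_token(string $token): ?array {
    try {
        $claims = (array) JWT::decode($token, acb_firebase_signing_keys());
    } catch (\Throwable $e) {
        return null; // bad signature, unknown kid, expired, malformed
    }
    $project = ACB_FIREBASE_PROJECT_ID;
    if (($claims['iss'] ?? '') !== 'https://securetoken.google.com/' . $project
        || ($claims['aud'] ?? '') !== $project
        || empty($claims['sub'])
        || empty($claims['email_verified'])) {
        return null;
    }
    return $claims;
}

// Hardened handler: the account to log into is taken from the verified token,
// never from a caller-supplied user_email parameter.
function acb_firebase_auth_hardened(): void {
    check_ajax_referer('acb_firebase_auth', 'nonce');
    $claims = acb_verify_firebase_id_token((string) ($_POST['id_token'] ?? ''));
    $user   = $claims ? get_user_by('email', $claims['email'] ?? '') : false;
    if (!$user) {
        wp_send_json_error('authentication failed', 401);
    }
    wp_set_current_user($user->ID);
    wp_set_auth_cookie($user->ID);
    wp_send_json_success();
}
add_action('wp_ajax_acb_firebase_auth', 'acb_firebase_auth_hardened');
```

The `email_verified` check matters because Firebase will issue a token for an unverified address, which would otherwise let anyone who can register that address in the Firebase project map it to an existing WordPress user.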
Published: 2026-05-27
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Firebase Support & Chat Management plugin for WordPress fails to verify ownership of an email supplied to the `firebase_auth()` function. An attacker who is already authenticated with Subscriber‑level or higher privileges can submit any existing user’s email to the `acb_firebase_auth` AJAX action and be logged in as that user. This flaw allows a full account takeover, including access to any Administrator account, without requiring knowledge of the user’s password.

Affected Systems

WordPress sites using devsabbirahmed’s Firebase Support & Chat Management plugin up to and including version 3.1.1 are vulnerable. All installations of this plugin that have not been updated beyond that version are at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity weakness. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the risk remains significant due to the potential for immediate account takeover by any authenticated user. The likely attack vector is remote via the plugin’s AJAX endpoint, which is accessible to all logged‑in WordPress users. Exploitation requires only that the attacker possess Subscriber‑level credentials, after which the attacker can send a crafted POST request containing any user’s email to trigger the privilege escalation.

Generated by OpenCVE AI on May 27, 2026 at 07:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Firebase Support & Chat Management plugin to the most recent version that patches the Firebase authentication flaw.
  • If an upgrade is not immediately possible, temporarily disable or remove the acb_firebase_auth AJAX action from the plugin to block the attack surface.
  • Restrict the permissions of the AJAX endpoint by allowing access only to Administrator users or by implementing a firewall rule that rejects requests from lower‑privileged accounts.
  • Configure monitoring or logging to detect suspicious POST requests to the acb_firebase_auth action.

Generated by OpenCVE AI on May 27, 2026 at 07:25 UTC.

Advisories

No advisories yet.

History

Wed, 27 May 2026 11:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 May 2026 10:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Devsabbirahmed; Devsabbirahmed firebase Support & Chat Management; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Devsabbirahmed; Devsabbirahmed firebase Support & Chat Management; Wordpress; Wordpress wordpress

Wed, 27 May 2026 06:30:00 +0000

Type: Description
Values Added: (the description text shown at the top of this page)

Type: Title
Values Added: Firebase Support & Chat Management <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

Type: Weaknesses
Values Added: CWE-269

Type: References
Values Added: (none listed)

Type: Metrics (cvssV3_1)
Values Added: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-05-27T10:34:45.799Z

Reserved: 2026-05-17T10:38:06.737Z

Link: CVE-2026-8787

Vulnrichment

Updated: 2026-05-27T10:34:40.683Z

NVD

Status : Received

Published: 2026-05-27T07:16:15.060

Modified: 2026-05-27T07:16:15.060

Link: CVE-2026-8787

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T10:07:11Z

Weaknesses