CVE-2026-3279
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Description
AI Translation Available
The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `downgrade_jquery_version()` function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to downgrade the site-wide jQuery version from 3.7.1 to the legacy 1.12.4-wp release, which has knowns security vulnerabilities.
862
Missing Authorization
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Access Control
Availability
Potential Impacts:
Read Application Data
Read Files Or Directories
Modify Application Data
Modify Files Or Directories
Gain Privileges Or Assume Identity
Bypass Protection Mechanism
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Resource Consumption (Other)
Applicable Platforms
Technologies:
AI/ML, Web Server, Database Server, Not Technology-Specific
https://plugins.trac.wordpress.org/browser/enable-jquery-migrate-helper/tags/1.…
https://plugins.trac.wordpress.org/browser/enable-jquery-migrate-helper/tags/1.…
https://plugins.trac.wordpress.org/browser/enable-jquery-migrate-helper/trunk/c…
https://plugins.trac.wordpress.org/browser/enable-jquery-migrate-helper/trunk/c…
https://www.wordfence.com/threat-intel/vulnerabilities/id/1a74d5f4-1dd8-4d49-b4…