CVE-2026-4003

Users manager – PN

The Users manager – PN WordPress plugin contains a privilege escalation flaw allowing unauthenticated attackers to modify arbitrary user metadata.

Executive summary

An unauthenticated privilege escalation vulnerability in Users manager – PN allows attackers to modify arbitrary user account metadata.

Vulnerability

The plugin fails to perform proper authorization checks on an AJAX endpoint, and the required nonce is publicly exposed. This allows unauthenticated attackers to update arbitrary user metadata, including security tokens used for authentication.
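The defect class described above, shown as an added illustration rather than the plugin's own code: a hypothetical WordPress AJAX handler in its weak form (nonce only, registered for unauthenticated callers, target user and meta key chosen by the request) beside a hardened form. The action name `umpn_update_meta`, the script handle, the hook callbacks and the allow-listed meta keys are assumptions for this example; the WordPress API calls (`check_ajax_referer`, `current_user_can`, `update_user_meta`, the `wp_ajax_*` hooks) are core.

```php
<?php
/**
 * Added example, not vendor code. Hook names, action name and the
 * editable-key list are assumptions made for this illustration.
 */

// --- Weak pattern ---------------------------------------------------------
// The nonce is handed to every visitor via wp_localize_script(), so it is
// not a secret: it only proves the request came from a page that served it.
add_action( 'wp_enqueue_scripts', function () {
    wp_localize_script( 'umpn-front', 'umpnAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'umpn_update_meta' ),
    ) );
} );

function umpn_update_meta_weak() {
    check_ajax_referer( 'umpn_update_meta', 'nonce' );   // CSRF check only, no authorization
    $user_id = (int) $_POST['user_id'];                  // request chooses the target account
    $key     = sanitize_key( $_POST['key'] );            // request chooses the meta key
    update_user_meta( $user_id, $key, wp_unslash( $_POST['value'] ) );
    wp_send_json_success();
}
// Shown for contrast only; these two registrations are what makes the handler
// reachable by anyone (nopriv = no logged-in user required).
// add_action( 'wp_ajax_umpn_update_meta',        'umpn_update_meta_weak' );
// add_action( 'wp_ajax_nopriv_umpn_update_meta', 'umpn_update_meta_weak' );

// --- Hardened pattern -----------------------------------------------------
// 1. no nopriv registration, 2. capability check tied to the target user,
// 3. allow-list of application-owned meta keys, 4. nonce kept for CSRF.
const UMPN_EDITABLE_KEYS = array( 'umpn_display_title', 'umpn_phone' );   // assumed app keys

function umpn_update_meta_hardened() {
    check_ajax_referer( 'umpn_update_meta', 'nonce' );

    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;
    $key     = isset( $_POST['key'] )     ? sanitize_key( wp_unslash( $_POST['key'] ) ) : '';
    $value   = isset( $_POST['value'] )   ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';

    // Authorization: a user may edit their own record; editing another
    // account requires the edit_user meta capability for that account.
    if ( $user_id !== get_current_user_id() && ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // The request never gets to name core security keys
    // (session_tokens, wp_capabilities, ...): only allow-listed keys pass.
    if ( ! in_array( $key, UMPN_EDITABLE_KEYS, true ) ) {
        wp_send_json_error( 'key not allowed', 400 );
    }

    update_user_meta( $user_id, $key, $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_umpn_update_meta', 'umpn_update_meta_hardened' );
```

The two controls that matter are independent: the capability check decides who may act on which account, and the allow-list decides which fields a request may touch at all. A nonce, even one that is not leaked, only defends against cross-site request forgery and is never a substitute for either.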

Business impact

This vulnerability is rated CVSS 9.8, as it allows an unauthenticated attacker to manipulate user accounts and potentially escalate to administrative privileges. The result is total site compromise and unauthorized access to administrative functions.

Remediation

Immediate Action: Update the Users manager – PN plugin to the latest available version provided by the vendor.

Proactive Monitoring: Audit user account metadata for unauthorized changes, specifically looking for modifications to security-related fields.

Compensating Controls: Temporarily disable the plugin until a secure update is applied, or use a WAF to block access to the affected AJAX endpoint.
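A way to put the monitoring and compensating-control advice above into practice, as an added example that is not the vendor's code: a must-use plugin that logs every write to the user-meta keys WordPress itself uses for role assignment and login sessions, and refuses such writes when they arrive through admin-ajax.php from a caller without the `edit_users` capability. The hooks (`update_user_metadata`, `add_user_metadata`, `updated_user_meta`, `added_user_meta`, `wp_doing_ajax`) are WordPress core; the file name, the `smg_` prefix and the use of `error_log` as the audit sink are assumptions.

```php
<?php
/**
 * Plugin Name: Sensitive user-meta guard (added example, not vendor code)
 * Install: copy to wp-content/mu-plugins/ so it loads before other plugins.
 * Assumptions: key list below and error_log() as the audit destination.
 */

// Core keys that decide what a user may do and which sessions are valid.
function smg_protected_keys() {
    global $wpdb;
    return array(
        $wpdb->prefix . 'capabilities',   // role / capability assignment
        $wpdb->prefix . 'user_level',     // legacy role level
        'session_tokens',                 // active login sessions
    );
}

function smg_request_context() {
    return sprintf(
        'by_user=%d ajax=%s action=%s ip=%s',
        get_current_user_id(),
        wp_doing_ajax() ? 'yes' : 'no',
        sanitize_key( $_REQUEST['action'] ?? '' ),
        $_SERVER['REMOTE_ADDR'] ?? '-'
    );
}

// Monitoring: audit trail for every completed write to a protected key,
// whatever the context (admin screen, WP-CLI, cron, AJAX).
function smg_audit( $meta_id, $user_id, $meta_key, $meta_value ) {
    if ( in_array( $meta_key, smg_protected_keys(), true ) ) {
        error_log( sprintf( '[smg] user_meta %s changed for user %d (%s)',
            $meta_key, $user_id, smg_request_context() ) );
    }
}
add_action( 'updated_user_meta', 'smg_audit', 10, 4 );
add_action( 'added_user_meta',   'smg_audit', 10, 4 );

// Compensating control: the short-circuit filters run before the write.
// Returning a non-null value makes update_metadata()/add_metadata() stop
// and return that value instead of touching the database.
// Scope is limited to AJAX requests so that normal login (which rewrites
// session_tokens with no current user set) and user registration keep working.
function smg_guard( $check, $user_id, $meta_key, $meta_value ) {
    if ( ! wp_doing_ajax() || current_user_can( 'edit_users' ) ) {
        return $check;   // null: let core proceed
    }
    if ( in_array( $meta_key, smg_protected_keys(), true ) ) {
        error_log( sprintf( '[smg] BLOCKED AJAX write to %s for user %d (%s)',
            $meta_key, $user_id, smg_request_context() ) );
        return false;
    }
    return $check;
}
add_filter( 'update_user_metadata', 'smg_guard', 10, 4 );
add_filter( 'add_user_metadata',    'smg_guard', 10, 4 );
```

The `[smg] BLOCKED` lines in the PHP error log are the detection signal to alert on; a `[smg] user_meta wp_capabilities changed` line with `by_user=0 ajax=yes` is exactly the pattern the advisory describes. The blocking branch is deliberately narrow: a site that legitimately registers or logs users in over admin-ajax.php through another plugin would need that plugin's action names exempted. For the one-off audit the advisory asks for, `wp user list --role=administrator --fields=ID,user_login,user_registered` (WP-CLI) lists every administrator account so unexpected entries can be compared against the log.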

Exploitation status

Public Exploit Available: No

Analyst recommendation

The combination of an ineffective nonce and missing authorization checks makes this a critical risk. Administrators must update the plugin immediately and inspect user account records for any signs of tampering.