CVE-2026-12097

The User Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify the plugin's export field configuration stored in the uiewp_export_field option, controlling which user fields such as password hashes are included in CSV exports and how columns are mapped during imports.
Configurations

No configuration.

History

08 Jul 2026, 06:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-08 06:16

Updated : 2026-07-08 14:55


NVD link : CVE-2026-12097

Mitre link : CVE-2026-12097

CVE.ORG link : CVE-2026-12097


JSON object : View

Products Affected

No product.

CWE
CWE-862

Missing Authorization