Linksy Search and Replace plugin for WordPress all versions up to and including 1.0.4
Summary
This vulnerability arises from a missing capability check on the linksy_search_and_replace_item_details function in the affected WordPress plugin. It allows authenticated attackers with as little as subscriber-level access to modify arbitrary database values, including user role metadata. Attackers can exploit this flaw to change their role to administrator and gain full access to the WordPress site.
Remediation
Update the Linksy Search and Replace plugin to the latest patched version released by the vendor that fixes the missing capability check. If no patched version is available, remove the plugin from your WordPress installation immediately to eliminate the risk.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.