CVE-2026-14262: The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and inclu
The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the payload parameter. The vulnerability exists because AuthenticateService::generatePayload() only overwrites JWT payload keys whose names appear in the admin-configured jwt_payload list — leaving any attacker-supplied identity claims such as email, id, or username intact and signed into the JWT with the site's HS256 secret. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an Administrator by injecting a target administrator's email address into the payload parameter at the /wp-json/simple-jwt-login/v1/auth endpoint, then redeeming the resulting JWT at the /autologin endpoint to obtain a fully authenticated session as that administrator.
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-14262
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-14262 | coverage & exploitation status | NVD · CVE.org |
More from NVD Recent CVEs
- unknownCVE-2026-57828: The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload t…2026-07-11
- unknownCVE-2026-57827: The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that al…2026-07-11
- highCVE-2026-1359: The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized m…2026-07-11
- highCVE-2026-9282: The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up…2026-07-11
- mediumCVE-2026-9017: The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to autho…2026-07-11