LeakyCreds

CVE-2026-4880 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: April 16, 2026

Barcode Scanner (+Mobile App) - Privilege Escalation

Published: April 16, 2026 | Updated: April 16, 2026 | Remote Exploitable

Overview

The Barcode Scanner (+Mobile App) WordPress plugin, versions up to and including 1.11.0, contains a privilege escalation vulnerability. Its token-based authentication trusts a user-supplied Base64-encoded user ID and does not restrict meta keys, which lets unauthenticated attackers spoof tokens and escalate to administrator.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 11.9% (probability of exploitation in the next 30 days)

Impact

Unauthenticated attackers can escalate privileges to administrator, gaining full control over the WordPress site.

Mitigation

Update to the latest version, later than 1.11.0, in which this issue is fixed.

Social Media Activity (2 posts)

TheHackerWire
@thehackerwire
Apr 16, 2026

🔓 CVE-2026-4880 - Critical (9.8) The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0.... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4880/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

OffSequence
@offseq
Apr 16, 2026

🚨 CVE-2026-4880 (CRITICAL, CVSS 9.8): ukrsolution Barcode Scanner (+Mobile App) plugin for WordPress lets unauthenticated attackers gain admin access via insecure Base64 token handling. Remove or disable plugin until patched. https://radar.offseq.com/threat/cve-2026-4880-cwe-269-improper-privilege-managemen-a28ccef6 #OffSeq #WordPress #CVE2026_4880


Details

CVE ID: CVE-2026-4880
Severity: Critical
CVSS Score: 9.8
Type: broken_access_control
Status: new
EPSS: 11.9%
Social Posts: 2

CWE

  • CWE-269

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

11.9% (probability of exploitation in the next 30 days)