CVE Catalog

CVE-2026-8787

High
Published: Translated: NVD NIST

Summary

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to and including 3.1.1. The `firebase_auth()` function authenticates the request as the WordPress user whose email is supplied in the `user_email` POST parameter without verifying ownership of that email.

Risk Assessment

The risk is that authenticated attackers with Subscriber-level access and above can log in as any existing user, including an Administrator, resulting in full account takeover.

Recommendation

It is recommended to update the plugin to the latest version and implement additional verification mechanisms to prevent privilege escalation.

Original NVD description (English source)

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authenticating the request as the WordPress user whose email is supplied in the `user_email` POST parameter without verifying ownership of that email (no Firebase ID token signature/issuer/audience verification). This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as an arbitrary existing user — including an Administrator — by submitting that user's email address to the `acb_firebase_auth` AJAX action, resulting in full account takeover.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS