What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation.This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through <= 1.5.8.
Explanation of Vulnerability in Simple Terms
02Summary
A privilege escalation vulnerability in Jthemes' Sale! Immigration law plugin allows authenticated users with low privileges to read sensitive data, modify site content, and disrupt service. The vulnerability stems from insufficient access controls on critical functions. Affected versions through 1.5.8 require immediate patching.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify content, and disrupt the site's availability.
Potential impact on your site
04Site Impact
Compromised user accounts can access confidential information, alter pages, and cause downtime without admin intervention.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06Disclosure timeline
December 18, 2025
CVE published
April 28, 2026
Record updated