CVE-2026-8787: CWE-269 Improper Privilege Management in devsabbirahmed Firebase Support & Chat Management
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authenticating the request as the WordPress user whose email is supplied in the `user_email` POST parameter without verifying ownership of that email (no Firebase ID token signature/issuer/audience verification). This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as an arbitrary existing user — including an Administrator — by submitting that user's email address to the `acb_firebase_auth` AJAX action, resulting in full account takeover.
AI Analysis
Technical Summary
CVE-2026-8787 is a privilege escalation in the Firebase Support & Chat Management WordPress plugin, versions up to and including 3.1.1. The plugin's `firebase_auth()` handler, reachable through the `acb_firebase_auth` admin-ajax action, looks up the WordPress user whose address matches the `user_email` POST parameter and establishes a session as that user. Nothing binds that address to the caller: the Firebase ID token that should prove the caller signed in to Firebase as that address is never checked (no signature, issuer or audience verification), so the email is a self-asserted identity. Any authenticated user (Subscriber or above, hence PR:L in the vector) can therefore post an Administrator's address and receive an Administrator session. The weakness is CWE-269 (Improper Privilege Management); CVSS 3.1 base score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Note that the record's "Is Cloud Service" flag is set, but the affected component is a self-hosted WordPress plugin: the fix has to be deployed by each site owner, and the record lists no remediation level, so confirm the fixed version against the Wordfence advisory.
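To make the failure concrete, here is an added example; it is not the plugin's code, which the page does not show. It gives a hypothetical reconstruction of the handler shape the advisory describes, followed by a hardened replacement that requires a Firebase ID token and verifies its signature, issuer and audience before trusting the email claim. The action name `acb_firebase_auth` and the `user_email` parameter come from the advisory; every other name (the `id_token` and `nonce` parameters, the `ACB_FIREBASE_PROJECT_ID` constant, the `acb_`-prefixed helper functions) is an assumption.

```php
<?php
// Added illustration for CVE-2026-8787, not the plugin's own code: a hypothetical
// reconstruction of the vulnerable pattern the advisory describes, then a hardened
// replacement. Everything except the acb_firebase_auth action and the user_email
// parameter (helper names, id_token/nonce parameters, ACB_FIREBASE_PROJECT_ID) is assumed.

// ---- Vulnerable shape (not hooked here): identity is whatever email the caller posts ----
function acb_firebase_auth_vulnerable() {
    $email = sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) );
    $user  = get_user_by( 'email', $email );   // resolves to any existing user, admins included
    if ( ! $user ) {
        wp_send_json_error( 'unknown user', 404 );
    }
    wp_set_current_user( $user->ID );           // no proof that the caller controls $email
    wp_set_auth_cookie( $user->ID, true );
    wp_send_json_success( array( 'user' => $user->user_login ) );
}

// ---- Hardened: the caller sends a Firebase ID token and the server verifies it ----
define( 'ACB_FIREBASE_PROJECT_ID', 'your-firebase-project-id' ); // assumption: set by the site owner
add_action( 'wp_ajax_acb_firebase_auth', 'acb_firebase_auth_hardened' );
function acb_firebase_auth_hardened() {
    check_ajax_referer( 'acb_firebase_auth', 'nonce' );   // CSRF protection for the AJAX endpoint
    $jwt    = isset( $_POST['id_token'] ) ? (string) wp_unslash( $_POST['id_token'] ) : '';
    $claims = acb_verify_firebase_id_token( $jwt, ACB_FIREBASE_PROJECT_ID );
    if ( is_wp_error( $claims ) ) {
        wp_send_json_error( $claims->get_error_message(), 401 );
    }
    if ( empty( $claims['email_verified'] ) ) {
        wp_send_json_error( 'email not verified', 403 );
    }
    $user = get_user_by( 'email', $claims['email'] );   // email now comes from the signed token
    if ( ! $user ) {
        wp_send_json_error( 'unknown user', 404 );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, true );
    wp_send_json_success( array( 'user' => $user->user_login ) );
}

// Verify a Firebase ID token (RS256 JWT) as the Firebase docs prescribe: signature against
// Google's current certs, then exp/iat, aud (project id), iss and sub. Returns claims or WP_Error.
function acb_verify_firebase_id_token( $jwt, $project_id ) {
    $parts = explode( '.', $jwt );
    if ( 3 !== count( $parts ) ) {
        return new WP_Error( 'acb_jwt', 'malformed token' );
    }
    list( $h64, $p64, $s64 ) = $parts;
    $header  = json_decode( acb_b64url_decode( $h64 ), true );
    $payload = json_decode( acb_b64url_decode( $p64 ), true );
    $sig     = acb_b64url_decode( $s64 );
    if ( ! is_array( $header ) || ! is_array( $payload ) || false === $sig ) {
        return new WP_Error( 'acb_jwt', 'malformed token' );
    }
    // Pin the algorithm server-side; never let the token choose (blocks alg=none and HS256 key confusion).
    if ( 'RS256' !== ( $header['alg'] ?? '' ) || empty( $header['kid'] ) ) {
        return new WP_Error( 'acb_jwt', 'unexpected alg or missing kid' );
    }
    $certs = acb_google_public_certs();
    $pub   = empty( $certs[ $header['kid'] ] ) ? false : openssl_pkey_get_public( $certs[ $header['kid'] ] );
    if ( false === $pub || 1 !== openssl_verify( $h64 . '.' . $p64, $sig, $pub, OPENSSL_ALGO_SHA256 ) ) {
        return new WP_Error( 'acb_jwt', 'unknown key or bad signature' );
    }
    $now = time();
    if ( ( $payload['exp'] ?? 0 ) <= $now || ( $payload['iat'] ?? PHP_INT_MAX ) > $now + 60 ) {
        return new WP_Error( 'acb_jwt', 'token expired or not yet valid' );
    }
    if ( $project_id !== ( $payload['aud'] ?? '' )
        || ( 'https://securetoken.google.com/' . $project_id ) !== ( $payload['iss'] ?? '' ) ) {
        return new WP_Error( 'acb_jwt', 'wrong audience or issuer' );
    }
    if ( empty( $payload['sub'] ) || empty( $payload['email'] ) || ! is_email( $payload['email'] ) ) {
        return new WP_Error( 'acb_jwt', 'missing subject or email claim' );
    }
    return $payload;
}

function acb_b64url_decode( $s ) {
    $s   = strtr( $s, '-_', '+/' );
    $pad = strlen( $s ) % 4;
    return base64_decode( $pad ? $s . str_repeat( '=', 4 - $pad ) : $s, true );
}

// Google's current X.509 certs for the Firebase token signer, cached in a transient.
function acb_google_public_certs() {
    $certs = get_transient( 'acb_firebase_certs' );
    if ( is_array( $certs ) ) {
        return $certs;
    }
    $resp = wp_remote_get( 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com' );
    if ( is_wp_error( $resp ) || 200 !== (int) wp_remote_retrieve_response_code( $resp ) ) {
        return array();
    }
    $certs = json_decode( wp_remote_retrieve_body( $resp ), true );
    if ( ! is_array( $certs ) ) {
        return array();
    }
    set_transient( 'acb_firebase_certs', $certs, HOUR_IN_SECONDS ); // keys rotate; honour Cache-Control max-age in production
    return $certs;
}
```

Two points carry over whatever the real names are: the email must come from a signed, audience-bound token, never from a request parameter, and the algorithm is pinned server-side so the token cannot downgrade itself. Even with verification, a lookup by email ties the WordPress account to whoever controls that address in the Firebase project, so `email_verified` must be required and Firebase self-registration should be restricted on sites where an attacker could create an account under an arbitrary address.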
Potential Impact
Any account with Subscriber-level access, the role that open registration grants by default, can obtain an Administrator session by posting an administrator's email address to the action. An Administrator session is full control of the site: installing a plugin or editing theme files gives arbitrary PHP execution on the web server, so confidentiality, integrity and availability (C:H/I:H/A:H) of the site, its database and anything the web server can reach are all lost. The attack is a single authenticated POST with no user interaction, which makes it trivial to automate against every site running the plugin.
Mitigation Recommendations
Update the plugin to a release later than 3.1.1 as soon as one is published; this record lists no remediation level, so confirm the fixed version against the Wordfence advisory rather than assuming one exists. The plugin runs on the site's own server, whatever the record's cloud-service flag says, so nothing is remediated for you server-side; the site owner has to deploy the fix. Until then: deactivate the plugin if support chat is not business-critical. If it must stay active, disable open registration (Settings → General → "Anyone can register"), since a Subscriber account is all the attacker needs; review recent POSTs to `admin-ajax.php` carrying `action=acb_firebase_auth`, and any administrator session that did not start with a `wp-login.php` request; if you find such activity, treat the site as compromised, rotate administrator passwords and terminate their sessions. A WAF rule or must-use plugin that rejects `acb_firebase_auth` requests whose `user_email` is not the calling user's own address closes the hole in the meantime. After patching, verify that the handler now requires a Firebase ID token and rejects a request that carries only an email.
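As an interim guard, here is an added example (not vendor code): a must-use plugin hooked ahead of the vulnerable handler that logs every call to the action and rejects requests naming an email other than the caller's own. It assumes the plugin registers its handler on `wp_ajax_acb_firebase_auth` at the default priority 10, and that the only legitimate authenticated use of the action is a user completing Firebase login for their own account; test that assumption on staging first, because the guard will break any flow in which one user is meant to act on another's address.

```php
<?php
/**
 * Plugin Name: CVE-2026-8787 interim guard (added example, not vendor code)
 * Description: Drop into wp-content/mu-plugins/ until the plugin is updated past 3.1.1.
 *
 * Assumptions: the vulnerable handler is hooked on wp_ajax_acb_firebase_auth at the
 * default priority (10), so priority 0 runs this check first; the only legitimate
 * authenticated use of the action is a user naming their own email address.
 */

add_action( 'wp_ajax_acb_firebase_auth', 'acb_guard_firebase_auth', 0 );

function acb_guard_firebase_auth() {
    $requested = sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) );
    $caller    = wp_get_current_user();                       // the authenticated attacker in the advisory's scenario
    $target    = $requested ? get_user_by( 'email', $requested ) : false;

    $line = sprintf(
        'acb_firebase_auth caller=%d(%s) requested_email=%s target=%s ip=%s',
        $caller->ID,
        $caller->user_login,
        $requested,
        $target ? $target->ID . '(' . implode( ',', (array) $target->roles ) . ')' : 'none',
        $_SERVER['REMOTE_ADDR'] ?? '-'
    );

    // A request that resolves to a different account than the caller's is the exploit
    // described in the advisory: refuse it and stop the plugin's handler from running.
    if ( $target && (int) $target->ID !== (int) $caller->ID ) {
        error_log( 'BLOCKED ' . $line );
        wp_send_json_error( 'forbidden', 403 );                 // calls wp_die(), so later hooks never run
    }
    error_log( 'ALLOWED ' . $line );
}
```

The `BLOCKED` lines in the PHP error log are your indicator of compromise attempts; feed them to whatever alerting you already have on the web tier. If the plugin also registers a `wp_ajax_nopriv_acb_firebase_auth` handler, hook the same guard there; the advisory describes only the authenticated path, so that is not shown.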
CVSS v3.1: 8.8 (High)
Weaknesses: CWE-269 Improper Privilege Management
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2026-05-17T10:38:06.737Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
- Is Cloud Service: true
Threat ID: 6a169061e29bf47b509e16ce
Added to database: 5/27/2026, 6:34:09 AM
Last enriched: 5/27/2026, 6:48:33 AM
Last updated: 5/29/2026, 6:34:31 PM