Product
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation (CVE-2026-8787) where an authenticated attacker with Subscriber-level access can log in as any existing user, including an Administrator, by submitting that user's email address to the `acb_firebase_auth` AJAX action without proper ownership verification, leading to full account takeover.