CVE-2021-24602

Опубликовано: 23 авг. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

Ссылки

https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5
Third Party Advisory
https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hmplugin:hm_multiple_roles:*:*:*:*:*:wordpress:*:*

Версия до 1.3 (исключая)

EPSS

Процентиль: 71%

0.00659

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

CWE-669

Связанные уязвимости

GHSA-q963-v9w4-pqp9