Описание
The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter.
Ссылки
- Product
- Patch
- Third Party Advisory
- Product
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.5 (исключая)
cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 24%
0.00082
Низкий
8.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter.
EPSS
Процентиль: 24%
0.00082
Низкий
8.8 High
CVSS3
Дефекты
NVD-CWE-noinfo