Описание
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account to administrator.
EPSS
Процентиль: 34%
0.00139
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 9.8
github
3 месяца назад
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account to administrator.
EPSS
Процентиль: 34%
0.00139
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-862