The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HHmplugin Hm Multiple Roles
APPHmplugin< 1.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2023-29384CRITICAL10.0PL ✓ten sam vendor
Nieograniczony upload plików w WordPress Plugin JobWP — RCE
CVE-2023-48288HIGH7.5ten sam vendor
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and ...
CVE-2024-50459MEDIUM5.3ten sam vendor
Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly C...
CVE-2023-23705MEDIUM4.3ten sam vendor
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions.
CVE-2022-47422MEDIUM4.3ten sam vendor
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 ve...