CVE-2021-24602 HM Multiple Roles < 1.3 - Arbitrary Role Change

2021-08-2311:10:19

CWE-269

WPScan

www.cve.org

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.7%

JSON

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

CNA Affected

[
  {
    "product": "HM Multiple Roles",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.3",
        "status": "affected",
        "version": "1.3",
        "versionType": "custom"
      }
    ]
  }
]