CVE-2022-3419 Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation

2022-10-3100:00:00

CWE-269

CWE-352

WPScan

www.cve.org

wordpress

plugin

privilege escalation

csrf

authentication

cve-2022-3419

EPSS

0.001

Percentile

21.2%

JSON

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Automatic User Roles Switcher",
    "versions": [
      {
        "version": "1.1.2",
        "status": "affected",
        "lessThan": "1.1.2",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b

EPSS

0.001

Percentile

21.2%

JSON

Related for CVELIST:CVE-2022-3419