Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:5FD2548A-08DE-4417-BFF1-F174DAB718D5
HistoryJul 20, 2021 - 12:00 a.m.

HM Multiple Roles < 1.3 - Arbitrary Role Change

2021-07-2000:00:00
wpvulndb
421

0.001 Low

EPSS

Percentile

36.7%

JSON

The plugin does not have any access control to prevent low privilege users to set themselves as admin via their profile page

As any authenticated user, go to your Profile page and Tick the Administrator Role checkbox. In v1.2, the checkboxes are disabled in the UI but can be tampered with by either using the web browser developer tool or a proxy such as Burp Suite

Related

prion 1
patchstack 1
wpvulndb 1
cve 1
cvelist 1
nvd 1
prion
prion
Code injection
2021-08-23 12:15:00
patchstack
patchstack
WordPress HM Multiple Roles plugin <= 1.2 - Arbitrary Role Change vulnerability
2021-07-20 00:00:00
wpvulndb
wpvulndb
HM Multiple Roles < 1.3 - Arbitrary Role Change
2021-07-20 00:00:00
cve
cve
CVE-2021-24602
2021-08-23 12:15:10
cvelist
cvelist
CVE-2021-24602 HM Multiple Roles < 1.3 - Arbitrary Role Change
2021-08-23 11:10:19
nvd
nvd
CVE-2021-24602
2021-08-23 12:15:10

0.001 Low

EPSS

Percentile

36.7%

JSON
Related for WPEX-ID:5FD2548A-08DE-4417-BFF1-F174DAB718D5
prion1patchstack1wpvulndb1cve1cvelist1nvd1