7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Description The plugin does not have authorisation in its update_user_meta_value function, allowing any authenticated users, such as subscriber to update arbitrary user metadata and grand themselves administrator privileges
patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-authenticated-privilege-escalation-vulnerability