HIGH🇬🇧 English

CVE-2021-24602

CVSS 8.8v3.1pub. 2021-08-23upd. 2024-11-21

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Hmplugin Hm Multiple Roles

    APP
    Hmplugin
    < 1.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-29384CRITICAL10.0PL ✓ten sam vendor

Nieograniczony upload plików w WordPress Plugin JobWP — RCE

CVE-2023-48288HIGH7.5ten sam vendor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and ...

CVE-2024-50459MEDIUM5.3ten sam vendor

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly C...

CVE-2023-23705MEDIUM4.3ten sam vendor

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions.

CVE-2022-47422MEDIUM4.3ten sam vendor

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 ve...

CVE-2021-24602 — HIGH 8.8 | CVEbaza.pl