The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HWpruby Controlled Admin Access
APPWpruby≤ 1.5.5
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
LPE
Referencje
Powiązane podatności
CVE-2021-24215CRITICAL9.8ten sam produkt
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before...
CVE-2023-1125MEDIUM6.5ten sam vendor
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the...