HIGH🇵🇱 Wersja polska

CVE-2021-24602

CVSS 8.8v3.1pub. 2021-08-23upd. 2024-11-21

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Hmplugin Hm Multiple Roles

    APP
    Hmplugin
    < 1.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-29384CRITICAL10.0PL ✓ten sam vendor

Nieograniczony upload plików w WordPress Plugin JobWP — RCE

CVE-2023-48288HIGH7.5ten sam vendor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and ...

CVE-2024-50459MEDIUM5.3ten sam vendor

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly C...

CVE-2023-23705MEDIUM4.3ten sam vendor

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions.

CVE-2022-47422MEDIUM4.3ten sam vendor

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 ve...