The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HWpruby Controlled Admin Access
APPWpruby≤ 1.5.5
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
References
Related vulnerabilities
CVE-2021-24215CRITICAL9.8ten sam produkt
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before...
CVE-2023-1125MEDIUM6.5ten sam vendor
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the...