1 results (0.009 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24602 – HM Multiple Roles < 1.3 - Arbitrary Role Change
https://notcve.org/view.php?id=CVE-2021-24602
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page El plugin de WordPress HM Múltiple Roles versiones anteriores a 1.3, no presenta ningún control de acceso para evitar a usuarios pocos privilegiados se establezcan como administradores por medio de su página de perfil. • https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5 • CWE-269: Improper Privilege Management CWE-669: Incorrect Resource Transfer Between Spheres •