← Back to CVEs
CVE-2021-24602
HIGH8.8
Description
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published8/23/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
hmplugin:hm_multiple_roles
Weaknesses (CWE)
CWE-269CWE-669
References
https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/(contact@wpscan.com)
https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5(contact@wpscan.com)
https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/(af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.