Clemorphy

**Name of the Vulnerable Software and Affected Versions** HM Multiple Roles WordPress plugin versions prior to 1.3 **Description** The issue concerns a lack of access control in the HM Multiple Roles WordPress plugin, allowing low-privilege users to elevate their privileges to admin via their profile page. **Recommendations** For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the profile page or removing the ability for users to modify their roles until the update is applied.