PT-2023-12469 · WordPress · Controlled Admin Access

Jerome Bruandet · Published 2023-06-07 · Updated 2023-06-13 · CVE-2021-4360

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Controlled Admin Access plugin for WordPress, versions up to and including 1.5.5

Description

The plugin does not properly restrict access to its configuration page, which allows privilege escalation: attackers can create a new administrator role with unrestricted access.

Recommendations

For versions up to and including 1.5.5, update to a version that properly restricts access to the configuration page to prevent privilege escalation.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2021-4360

Affected Products

Controlled Admin Access