Vulnerability Details CVE-2021-24602
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/
- https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5
- https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/
- https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5
Products affected by CVE-2021-24602
-
cpe:2.3:a:hmplugin:hm_multiple_roles:*