CVE-2022-3419 Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator...

PT-2022-22058 · WordPress · Automatic User Roles Switcher

Name of the Vulnerable Software and Affected Versions: Automatic User Roles Switcher WordPress plugin versions prior to 1.1.2 Description: The issue concerns a lack of proper authorization and CSRF checks, allowing authenticated users, such as subscribers, to add any role to themselves, including...