2 matches found
CVE-2021-24602
The CVE-2021-24602 entry refers to the HM Multiple Roles WordPress plugin (versions prior to 1.3) with a lack of access control that allows a low-privilege user to elevate themselves to Administrator via the profile page. This is a privilege-escalation vulnerability, with impact described as unau...
CVE-2021-24602 HM Multiple Roles < 1.3 - Arbitrary Role Change
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page...