5 matches found
CVE-2023-0820
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role...
WordPress Add User Role Plugin < 1.6.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Add User Role Type Plugin Vulnerable versions 1.6.7 Fixed in 1.6.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0820 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7eb1f185c259 Credits dc11 Required privilege...
CVE-2023-0820
CVE-2023-0820 affects the WordPress plugin “User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress” up to version 1.6.7. The issue is a CSRF vulnerability in requests that update role capabilities, allowing arbitrary privilege escalation for any user role. The impact is ...
CVE-2023-0820 User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role...
CVE-2023-0820 User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role...