WordPress HM Multiple Roles plugin < 1.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress HM Multiple Roles plugin versions 1.6. Solution Update the WordPress HM Multiple Roles plugin to the latest available version at least 1.6...

CVE-2021-24602

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page...

Code injection

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page...

CVE-2021-24602

The CVE-2021-24602 entry refers to the HM Multiple Roles WordPress plugin (versions prior to 1.3) with a lack of access control that allows a low-privilege user to elevate themselves to Administrator via the profile page. This is a privilege-escalation vulnerability, with impact described as unau...

CVE-2021-24602 HM Multiple Roles < 1.3 - Arbitrary Role Change

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page...

PT-2021-16117 · WordPress · Hm Multiple Roles

Name of the Vulnerable Software and Affected Versions: HM Multiple Roles WordPress plugin versions prior to 1.3 Description: The issue concerns a lack of access control in the HM Multiple Roles WordPress plugin, allowing low-privilege users to elevate their privileges to admin via their profile...

WordPress HM Multiple Roles plugin <= 1.2 - Arbitrary Role Change vulnerability

Arbitrary Role Change vulnerability discovered by clemorphy in WordPress HM Multiple Roles plugin versions = 1.2. Solution Update the WordPress HM Multiple Roles plugin to the latest available version at least 1.3...