
25 matches found

GitHub Security Blog
added 2026/01/21 3:31 p.m. · 7 views

Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2 CVSS · 5.6 AI score · 0.00236 EPSS
Exploits 0 · References 6 · Affected Software 1
RedhatCVE
added 2025/11/19 9:10 a.m. · 9 views

CVE-2025-11620

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...

7.2 CVSS · 5.1 AI score · 0.00049 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/11/18 8:27 a.m. · 1 views

CVE-2025-11620 Multiple Roles per User <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpuaddmultiplerolesui' and 'mrpusavemultipleuserroles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...

7.2 CVSS · 4.8 AI score · 0.00049 EPSS
Exploits 0 · References 3
CNNVD
added 2025/11/18 12:0 a.m. · 1 views

WordPress plugin Multiple Roles per User security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

7.2 CVSS · 6.3 AI score · 0.00049 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/11/18 12:0 a.m. · 2 views

PT-2025-47251

Name of the Vulnerable Software and Affected Versions: Multiple Roles per User plugin for WordPress versions up to and including 1.0. Description: The Multiple Roles per User plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing capability check within...

7.2 CVSS · 6.1 AI score · 0.00049 EPSS
Exploits 0 · References 7
Patchstack
added 2025/11/17 10:58 p.m. · 3 views

WordPress Multiple Roles per User plugin <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation vulnerability

Missing Authorization to Authenticated (Custom+) Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Multiple Roles per User versions <= 1.0...

7.2 CVSS · 7 AI score · 0.00049 EPSS
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-24076

Malicious code in bioql PyPI...

8.8 CVSS · 9.1 AI score · 0.05712 EPSS
Exploits 3 · References 5
RedhatCVE
added 2025/05/23 2:34 a.m. · 4 views

CVE-2023-1874

The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiplerolesupdate function. This makes it possible for authenticated attackers, with minimal permissions such as a...

8.8 CVSS · 6 AI score · 0.05712 EPSS
Exploits 3 · References 1
RedhatCVE
added 2025/05/22 8:50 p.m. · 2 views

CVE-2021-4402

The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta and mu_add_roles_in_signup_meta_recently functions. This makes it possible for unauthenticated...

4.3 CVSS · 5.8 AI score · 0.00252 EPSS
Exploits 0 · References 1
Patchstack
added 2023/07/18 12:0 a.m. · 5 views

WordPress HM Multiple Roles Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software: HM Multiple Roles · Type: Plugin · Vulnerable versions: <= 1.8 · Fixed in: 1.9 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-33999 · Patch priority: Medium · CVSS severity: Medium 7.1 · PSID: 7297b541283e · Credits: Rafie Muhammad Patchstack · Required...

6.2 AI score
Exploits 0 · References 3 · Affected Software 1
CVE
added 2023/07/01 5:33 a.m. · 25 views

CVE-2021-4402

The CVE-2021-4402 entry describes a CSRF vulnerability in the WordPress Multiple Roles plugin up to version 1.3.1 due to missing or incorrect nonce validation in mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently(). Unauthenticated attackers could coerce an administrator into ...

4.3 CVSS · 4.3 AI score · 0.00252 EPSS
Exploits 0 · References 9 · Affected Software 1
CNNVD
added 2023/07/01 12:0 a.m. · 1 views

WordPress Plugin Multiple Roles cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3 CVSS · 5 AI score · 0.00252 EPSS
Exploits 0 · References 10
Positive Technologies
added 2023/07/01 12:0 a.m. · 1 views

PT-2023-12514 · WordPress · Hm Multiple Roles

Name of the Vulnerable Software and Affected Versions: Multiple Roles plugin for WordPress versions up to, and including, 1.3.1. Description: The issue is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta and mu_add_roles_in_signup_meta_recently functions. This allows...

4.3 CVSS · 4.5 AI score · 0.00252 EPSS
Exploits 0 · References 13
ATTACKERKB
added 2023/04/12 2:15 p.m. · 3 views

CVE-2023-1874

The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiplerolesupdate function. This makes it possible for authenticated attackers, with minimal permissions such as a...

8.8 CVSS · 7.2 AI score · 0.05712 EPSS
Exploits 3 · References 6
Patchstack
added 2022/02/28 12:0 a.m. · 5 views

WordPress HM Multiple Roles plugin < 1.6 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress HM Multiple Roles plugin versions < 1.6. Solution: Update the WordPress HM Multiple Roles plugin to the latest available version (at least 1.6)...

1 AI score
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m. · 10 views

WordPress HM Multiple Roles plugin < 1.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress HM Multiple Roles plugin versions < 1.6. Solution: Update the WordPress HM Multiple Roles plugin to the latest available version (at least 1.6)...

2.9 AI score
Exploits 0 · References 2 · Affected Software 1
OSV
added 2021/08/23 12:15 p.m. · 0 views

CVE-2021-24602

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low-privilege users from setting themselves as admin via their profile page...

8.8 CVSS · 5.8 AI score · 0.00659 EPSS
Exploits 2 · References 2
Prion
added 2021/08/23 12:15 p.m. · 12 views

Code injection

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low-privilege users from setting themselves as admin via their profile page...

6.5 CVSS · 8.6 AI score · 0.00659 EPSS
Exploits 2 · References 2 · Affected Software 1
CVE
added 2021/08/23 11:10 a.m. · 43 views

CVE-2021-24602

The CVE-2021-24602 entry refers to the HM Multiple Roles WordPress plugin (versions prior to 1.3) with a lack of access control that allows a low-privilege user to elevate themselves to Administrator via the profile page. This is a privilege-escalation vulnerability, with impact described as unau...

8.8 CVSS · 8.7 AI score · 0.00659 EPSS
Exploits 2 · References 2 · Affected Software 1
Cvelist
added 2021/08/23 11:10 a.m. · 13 views

CVE-2021-24602 HM Multiple Roles < 1.3 - Arbitrary Role Change

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low-privilege users from setting themselves as admin via their profile page...

8.9 AI score · 0.00659 EPSS
Exploits 2 · References 2