Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:0627F51B-B318-47F7-89D8-80295684034F
HistoryAug 10, 2023 - 12:00 a.m.

WP Project Manager < 2.6.5 - Subscriber+ Privilege Escalation

2023-08-1000:00:00
wpscan.com
4
wp project manager
privilege escalation
authentication
user metadata

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

51.7%

JSON

Description The plugin does not have authorisation and does not properly check for the user metadata to be updated via the save_users_map_name() function, allowing any authenticated users, such as subscriber to update their role and gain administrator privileges

Related

packetstorm 1
cve 1
cvelist 1
nvd 1
wordfence 2
prion 1
packetstorm
packetstorm
WordPress WP Project Manager 2.6.4 Privilege Escalation
2023-08-10 00:00:00
cve
cve
CVE-2023-3636
2023-08-31 06:15:10
cvelist
cvelist
CVE-2023-3636
2023-08-31 05:33:09
nvd
nvd
CVE-2023-3636
2023-08-31 06:15:10
wordfence
wordfence
weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin
2023-08-09 18:04:32
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
prion
prion
Authorization
2023-08-31 06:15:00

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

51.7%

JSON
Related for WPVDB-ID:0627F51B-B318-47F7-89D8-80295684034F
packetstorm1cve1cvelist1nvd1wordfence2prion1