Lucene search
WpvulndbWPVDB-ID:7871B890-5172-40AA-88F2-A1B95E240AD4HistoryApr 06, 2023 - 12:00 a.m.
WP Data Access < 5.3.8 - Subscriber+ Privilege Escalation
2023-04-0600:00:00
wpscan.com
14
wordpress
data access
privilege escalation
0.003 Low
EPSS
Percentile
68.5%
The plugin does not have authorisation in the multiple_roles_update function, allowing any authenticated users, such as subscriber to update their role and set themselves as admin for example, when the ‘Enable role management’ setting is enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-data-access | lt | 5.3.8 |
Related
zdt
zdt
WordPress WP Data Access 5.3.7 Privilege Escalation Vulnerability
2023-04-12 00:00:00
nvd
nvd
CVE-2023-1874
2023-04-12 14:15:07
prion
prion
Authorization
2023-04-12 14:15:00
cve
cve
CVE-2023-1874
2023-04-12 14:15:07
packetstorm
packetstorm
WordPress WP Data Access 5.3.7 Privilege Escalation
2023-04-12 00:00:00
cvelist
cvelist
CVE-2023-1874
2023-04-12 13:30:09
wordfence
wordfence