Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:A45C6ACA-3932-4869-92A5-812E3B980400
HistoryApr 15, 2021 - 12:00 a.m.

User Rights Access Manager < 1.0.4 - Improper Access Controls

2021-04-1500:00:00
wpscan.com
5
JSON

The plugin did not properly restrict access to some paths, still allowing a restricted user to access them, and edit the Blog Options, create/edit posts and so on for example

PoC

To reproduce it, install the plugin, create a new admin user and take all his privileges using the mentioned plugin (block all his access). Result: You’ll still be a able to access those paths. A fully restricted Admin Class user still has access to the following paths: v < 1.0.3 /wp-admin/options.php /wp-admin/post.php?post=1&action;=edit /wp-admin/comment.php?action=editcomment&c;=1 Comments > Approve / Unapprove Comments > Reply Comments > Spam Comments > Trash / Delete Permanently v <= 1.0.3 /wp-admin/options.php/ /wp-admin/post.php/?post=1&action;=edit /wp-admin/comment.php/?action=editcomment&c;=1 v < 1.0.4 /wp-admin/options.php.

JSON