wpvulndb WPVDB-ID: A45C6ACA-3932-4869-92A5-812E3B980400
History: Apr 15, 2021 - 12:00 a.m.

User Rights Access Manager < 1.0.4 - Improper Access Controls

2021-04-15 00:00:00
wpscan.com
5

The plugin did not properly restrict access to some paths, so a restricted user could still reach them and, for example, edit the Blog Options or create and edit posts.

PoC

To reproduce it, install the plugin, create a new admin user and take away all of that user's privileges using the plugin (block all access). Result: the user is still able to access the paths below. A fully restricted Admin Class user still has access to the following:

v < 1.0.3
- /wp-admin/options.php
- /wp-admin/post.php?post=1&action=edit
- /wp-admin/comment.php?action=editcomment&c=1
- Comments > Approve / Unapprove
- Comments > Reply
- Comments > Spam
- Comments > Trash / Delete Permanently

v <= 1.0.3
- /wp-admin/options.php/
- /wp-admin/post.php/?post=1&action=edit
- /wp-admin/comment.php/?action=editcomment&c=1

v < 1.0.4
- /wp-admin/options.php
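The v <= 1.0.3 entries show the classic weakness of a path deny-list compared against the raw request URI: a trailing slash or a query string is enough to miss the match. The following is an added illustration (not the plugin's own code) of that naive check next to one that normalizes the path first; the BLOCKED_PATHS list and the probe URIs are constructed from the paths in the PoC.

```php
<?php
// Constructed deny-list: admin paths a restricted role must not reach.
const BLOCKED_PATHS = ['/wp-admin/options.php', '/wp-admin/post.php', '/wp-admin/comment.php'];

// Naive check: exact comparison on the full REQUEST_URI. Any suffix such as
// "/" or "?post=1&action=edit" makes the comparison fail and the request passes.
function is_blocked_naive(string $request_uri): bool {
    return in_array($request_uri, BLOCKED_PATHS, true);
}

// Hardened check: keep only the path component, collapse repeated slashes,
// cut PATH_INFO-style suffixes after the script name and strip trailing slashes.
function normalize_admin_path(string $request_uri): string {
    $path = parse_url($request_uri, PHP_URL_PATH) ?? '';
    $path = preg_replace('#/+#', '/', $path);
    if (preg_match('#^(.*?\.php)(/.*)?$#', $path, $m)) {
        $path = $m[1]; // "/wp-admin/options.php/" -> "/wp-admin/options.php"
    }
    return rtrim($path, '/');
}

function is_blocked_hardened(string $request_uri): bool {
    return in_array(normalize_admin_path($request_uri), BLOCKED_PATHS, true);
}

// Constructed request URIs taken from the variants listed in the PoC.
$probes = [
    '/wp-admin/options.php',
    '/wp-admin/options.php/',
    '/wp-admin/post.php?post=1&action=edit',
    '/wp-admin/post.php/?post=1&action=edit',
    '/wp-admin/comment.php/?action=editcomment&c=1',
];
foreach ($probes as $uri) {
    printf("%-48s naive=%-8s hardened=%s\n", $uri,
        is_blocked_naive($uri) ? 'blocked' : 'ALLOWED',
        is_blocked_hardened($uri) ? 'blocked' : 'ALLOWED');
}
```

Normalizing the URI only narrows the gap; the durable fix is to enforce the restriction at the action itself with WordPress capability checks (current_user_can) rather than on the URL a user typed.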

CPE Name                      Operator   Version
user-rights-access-manager    lt         1.0.4