Unrestricted Privilege Escalation in HM Multiple Roles WordPress Plugin
CVE-2021-24602 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
Learn more about our Wordpress Pen Testing.