Unrestricted Privilege Escalation in HM Multiple Roles WordPress Plugin

Unrestricted Privilege Escalation in HM Multiple Roles WordPress Plugin

CVE-2021-24602 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

Learn more about our Wordpress Pen Testing.