How severe is CVE-2021-24602?

CVE-2021-24602 has a CVSS v3 score of 8.8 (HIGH).

CVE-2021-24602

Name: hm_multiple_roles
Author: hmplugin

8.8HIGH

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

公開日: 8/23/2021更新日: 11/21/2024

説明

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

AI分析AIによる分析

影響を受ける製品

hmpluginhm_multiple_roles

参照

https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5
Third Party Advisory
https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5
Third Party Advisory