Description
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.
References
https://wpscan.com/vulnerability/b93d9f9d-0fd9-49b8-b465-d32b95351912
Exploit, Third Party Advisory
Weaknesses
Could not find any weaknesses
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 · High
CVSS V3.1
Information
Source identifier
Vulnerability status
Modified
Published
2023-04-03T15:15:18.920
Last modified
2023-11-07T04:01:31.660