WordPress Premmerce User Roles plugin <= 1.0.12 - Broken Access Control vulnerability
CVE-2023-41130
8.1 HIGH
Summary
The Premmerce User Roles plugin for WordPress is missing authorization checks, which allows attackers to exploit incorrectly configured access control levels. A malicious user may gain unauthorized access to plugin functionality and use it to alter permissions or access sensitive information. Versions up to and including 1.0.12 are affected, and installations of the plugin need proper access management practices in place to mitigate the risk of such unauthorized use.
Affected Version(s)
Premmerce User Roles <= 1.0.12
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Xuan Chien (Patchstack Alliance)