Vulnerabilities > CVE-2021-24602 - Incorrect Resource Transfer Between Spheres vulnerability in Hmplugin HM multiple Roles

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hmplugin

CWE-669

NVD

Published: 2021-08-23

Updated: 2022-10-25

Summary

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

Vulnerable Configurations

Part	Description	Count
Application	Hmplugin Hmplugin HM Multiple Roles *	1

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/
https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5