Vulnerabilities > CVE-2022-3419 - Unspecified vulnerability in Addify Automatic User Roles Switcher

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
addify

Summary

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

Vulnerable Configurations

Part Description Count
Application
Addify
1