Search
Find a vulnerability
Search criteria
2 vulnerabilities found for HM Multiple Roles by Unknown
CVE-2021-24602 (GCVE-0-2021-24602)
Vulnerability from nvd – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35
VLAI
Title
HM Multiple Roles < 1.3 - Arbitrary Role Change
Summary
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
Severity
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5fd2548a-08de-44… | x_refsource_MISC |
| https://jetpack.com/2021/08/05/privilege-escalati… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | HM Multiple Roles |
Affected:
1.3 , < 1.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HM Multiple Roles",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T11:10:19.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HM Multiple Roles \u003c 1.3 - Arbitrary Role Change",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24602",
"STATE": "PUBLIC",
"TITLE": "HM Multiple Roles \u003c 1.3 - Arbitrary Role Change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HM Multiple Roles",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"name": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/",
"refsource": "MISC",
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24602",
"datePublished": "2021-08-23T11:10:19.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24602 (GCVE-0-2021-24602)
Vulnerability from cvelistv5 – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35
VLAI
Title
HM Multiple Roles < 1.3 - Arbitrary Role Change
Summary
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
Severity
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5fd2548a-08de-44… | x_refsource_MISC |
| https://jetpack.com/2021/08/05/privilege-escalati… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | HM Multiple Roles |
Affected:
1.3 , < 1.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HM Multiple Roles",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T11:10:19.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HM Multiple Roles \u003c 1.3 - Arbitrary Role Change",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24602",
"STATE": "PUBLIC",
"TITLE": "HM Multiple Roles \u003c 1.3 - Arbitrary Role Change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HM Multiple Roles",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"name": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/",
"refsource": "MISC",
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24602",
"datePublished": "2021-08-23T11:10:19.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}