Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for hm_multiple_roles by hmplugin
CVE-2021-24602 (GCVE-0-2021-24602)
Vulnerability from nvd – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35
VLAI?
Title
HM Multiple Roles < 1.3 - Arbitrary Role Change
Summary
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | HM Multiple Roles |
Affected:
1.3 , < 1.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HM Multiple Roles",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T11:10:19.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HM Multiple Roles \u003c 1.3 - Arbitrary Role Change",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24602",
"STATE": "PUBLIC",
"TITLE": "HM Multiple Roles \u003c 1.3 - Arbitrary Role Change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HM Multiple Roles",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"name": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/",
"refsource": "MISC",
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24602",
"datePublished": "2021-08-23T11:10:19.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24602 (GCVE-0-2021-24602)
Vulnerability from cvelistv5 – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35
VLAI?
Title
HM Multiple Roles < 1.3 - Arbitrary Role Change
Summary
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | HM Multiple Roles |
Affected:
1.3 , < 1.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HM Multiple Roles",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T11:10:19.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HM Multiple Roles \u003c 1.3 - Arbitrary Role Change",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24602",
"STATE": "PUBLIC",
"TITLE": "HM Multiple Roles \u003c 1.3 - Arbitrary Role Change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HM Multiple Roles",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5"
},
{
"name": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/",
"refsource": "MISC",
"url": "https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24602",
"datePublished": "2021-08-23T11:10:19.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}