Search criteria
1 vulnerability by waseem_senjer
CVE-2021-4360 (GCVE-0-2021-4360)
Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:05
VLAI
Title
Controlled Admin Access < 1.5.6 - Privilege Escalation
Summary
The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.
Severity
9.9 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| waseem_senjer | Controlled Admin Access |
Affected:
0 , < 1.5.6
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-23T16:01:06.594687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T16:21:35.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controlled Admin Access",
"vendor": "waseem_senjer",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:05:58.363Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve"
},
{
"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/"
},
{
"url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt"
},
{
"url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-03-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Controlled Admin Access \u003c 1.5.6 - Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-4360",
"datePublished": "2023-06-07T01:51:29.828Z",
"dateReserved": "2023-06-06T12:53:52.550Z",
"dateUpdated": "2026-04-08T17:05:58.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}