CVE-2021-24602
HIGH
HM Multiple Roles < 1.3 - Unauthenticated Privilege Escalation via Profile Page
Title source: llm
Description
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low-privilege users from setting themselves as admin via their profile page.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/5fd2548a-08de-4417-bff1-f174dab718d5
Exploit, Third Party Advisory x_refsource_misc
https://jetpack.com/2021/08/05/privilege-escalation-in-hm-multiple-roles-wordpress-plugin/
Scores
CVSS v3
8.8
EPSS
0.0146
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-669
CWE-269
Status
published
Products (1)
hmplugin/hm_multiple_roles
< 1.3
Published
Aug 23, 2021
Tracked Since
Feb 18, 2026