CVE-2021-4360
CRITICAL
Controlled Admin Access <1.5.5 - Privilege Escalation
Title source: llm
Description
The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.
Scores
CVSS v3: 9.9
EPSS: 0.0115
EPSS Percentile: 63.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-284
Status: published
Products (2)
waseem_senjer/Controlled Admin Access: < 1.5.6
wpruby/controlled_admin_access: < 1.5.5
Published: Jun 07, 2023
Tracked Since: Feb 18, 2026