CVE-2022-3419
MEDIUM
Automatic User Roles Switcher < 1.1.2 - Authenticated Privilege Escalation via Missing Authorization
Title source: llm
Description
The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated user, such as a subscriber, to add any role to themselves, such as administrator.
References (1)
Core References
Exploit, Third Party Advisory
https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b
Scores
CVSS v3
6.5
EPSS
0.0033
EPSS Percentile
24.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-269
CWE-352
Status
published
Products (1)
addify/automatic_user_roles_switcher
< 1.1.2
Published
Oct 31, 2022
Tracked Since
Feb 18, 2026