CVE-2021-4360
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| waseem_senjer | Controlled Admin Access | 0 < 1.5.6 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve
- https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/
- https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt
- https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve
- https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/
- https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt
- https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.