WordPress Plugin Vulnerabilities

Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation

Description

The plugin does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

Proof of Concept

Easiest way to reproduce this is w/o the woocommerce plugin active, simply log on as a subscriber and go to the profile page (wp-admin/profile.php), tick the administrator role and update your profile

Affects Plugins

Plugin icon
automatic-user-roles-switcher
Fixed in 1.1.2

References

CVE
CVE-2022-3419

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Original Researcher
WPScan
Verified
Yes
WPVDB ID
5909a423-9841-449c-a569-f687c609817b

Timeline

Publicly Published
2022-10-10 (about 1 years ago)
Added
2022-10-10 (about 1 years ago)
Last Updated
2022-10-10 (about 1 years ago)

Other

Published
Title
Published
2020-03-16
Title
LearnPress < 3.2.6.7 - Privilege Escalation
Published
2024-03-29
Title
WholesaleX < 1.3.3 - Unauthenticated Privilege Escalation
Published
2020-01-01
Title
Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export
Published
2017-11-27
Title
Elementor Page Builder < 1.8.0 - Authenticated Unrestricted Editing
Published
2022-03-01
Title
Multilist Subscribe for Sendy <= 1.6.1 - Subscriber+ Arbitrary Options Update