Automatic User Roles Switcher < 1.1.2 – Subscriber+ Privilege Escalation | CVE 2022-3419 | Plugin Vulnerabilities

Description

The plugin does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

Proof of Concept

Easiest way to reproduce this is w/o the woocommerce plugin active, simply log on as a subscriber and go to the profile page (wp-admin/profile.php), tick the administrator role and update your profile

Affects Plugins

automatic-user-roles-switcher

Fixed in 1.1.2

References

CVE

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

WPScan

Verified

Yes

WPVDB ID

5909a423-9841-449c-a569-f687c609817b

Timeline

Publicly Published

2022-10-10 (about 3 years ago)

Added

2022-10-10 (about 3 years ago)

Last Updated

2022-10-10 (about 3 years ago)

Other

Published

Title

Published

2025-07-08

Title

Sala <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover

Published

2019-12-24

Title

Featured Image from URL <= 2.7.7 - Missing Access Controls on REST routes

Published

2024-10-09

Title

UserPlus <= 2.0 - Editor+ Registration Form Update to Privilege Escalation

Published

2016-02-10

Title

Woocommerce Exporter < 1.8.4 - Privilege Esclation

Published

2024-02-19

Title

Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover