WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation

Description

The plugin does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

Proof of Concept

Easiest way to reproduce this is w/o the woocommerce plugin active, simply log on as a subscriber and go to the profile page (wp-admin/profile.php), tick the administrator role and update your profile

Affects Plugins

automatic-user-roles-switcher
Fixed in version 1.1.2

References

CVE
CVE-2022-3419

Classification

Type

PRIVESC

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Original Researcher

WPScan

Verified

Yes

WPVDB ID
5909a423-9841-449c-a569-f687c609817b

Timeline

Publicly Published

2022-10-10 (about 7 months ago)

Added

2022-10-10 (about 7 months ago)

Last Updated

2022-10-10 (about 7 months ago)

Our Other Services

WPScan WordPress Security Plugin