Controlled Admin Access < 1.5.6 – Improper Access Control to Privilege Escalation | CVE 2021-4360 | Plugin Vulnerabilities

Description

The plugin did not properly restrict access when checking user with limited access, allowing them to query pages they should not be able to, which could lead to privilege escalation by creating a new administrator with full, unrestricted access to the blog.

Proof of Concept

Created a temporary admin account via the plugin (/wp-admin/users.php?page=controlled_admin_access), with limited access, logon with it and open the below URLs which should not be accessible

- https://example.com/wp-admin/admin.php?page=%2Fcontrolled_admin_access

Affects Plugins

controlled-admin-access

Fixed in 1.5.6

References

CVE

URL

https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet.com)

Verified

Yes

WPVDB ID

5ddc0a9d-c081-4bef-aa87-3b10d037379c

Timeline

Publicly Published

2021-03-30 (about 3 years ago)

Added

2021-03-30 (about 3 years ago)

Last Updated

2023-06-08 (about 11 months ago)

Other

Published

Title

Published

2021-10-05

Title

WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls

Published

2021-10-20

Title

Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Subscriber+ Arbitrary Post Access

Published

2024-02-21

Title

Event Tickets and Registration < 5.8.2 - Missing Authorization

Published

2023-10-16

Title

Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply

Published

2021-10-11

Title

Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion