WordPress Plugin Vulnerabilities

User Role Editor <= 4.24 - Privilege Escalation

Description

The User Role Editor WordPress plugin was affected by a Privilege Escalation security vulnerability.

Affects Plugins

Plugin icon
user-role-editor
Fixed in 4.25

References

URL
https://www.wordfence.com/blog/2016/04/user-role-editor-vulnerability/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
85e595f5-9f04-4799-9a09-c6675071b12c

Timeline

Publicly Published
2016-04-05 (about 10 years ago)
Added
2016-04-05 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2021-01-12
Title
Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation
Published
2025-10-02
Title
Spirit Framework < 1.2.15 - Account Takeover and Privilege Escalation
Published
2025-02-10
Title
WP Foodbakery < 4.8 - Unauthenticated Privilege Escalation in foodbakery_registration_validation
Published
2024-07-09
Title
ProfileGrid – User Profiles, Groups and Communities < 5.9.0 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
Published
2026-03-13
Title
Search & Go < 2.8.1 - Authenticated (Subscriber+) Privilege Escalation