WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

User Rights Access Manager < 1.0.4 - Improper Access Controls

Description

The plugin did not properly restrict access to some paths, still allowing a restricted user to access them, and edit the Blog Options, create/edit posts and so on for example

Proof of Concept

To reproduce it, install the plugin, create a new admin user and take all his privileges using the mentioned plugin (block all his access). 
Result: You'll still be a able to access those paths.

A fully restricted Admin Class user still has access to the following paths: 

v < 1.0.3
/wp-admin/options.php 
/wp-admin/post.php?post=1&action=edit 
/wp-admin/comment.php?action=editcomment&c=1 
Comments > Approve / Unapprove 
Comments > Reply 
Comments > Spam 
Comments > Trash / Delete Permanently

v <= 1.0.3
/wp-admin/options.php/
/wp-admin/post.php/?post=1&action=edit
/wp-admin/comment.php/?action=editcomment&c=1

v < 1.0.4
/wp-admin/options.php.

Affects Plugins

user-rights-access-manager
Fixed in version 1.0.4

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Verified

Yes

WPVDB ID
a45c6aca-3932-4869-92a5-812e3b980400

Timeline

Publicly Published

2021-04-15 (about 1 years ago)

Added

2021-04-15 (about 1 years ago)

Last Updated

2021-04-15 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin