9.9
CVE-2021-4360
- EPSS 1.15%
- Veröffentlicht 07.06.2023 02:15:14
- Zuletzt bearbeitet 08.04.2026 18:17:16
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginControlled Admin Access < 1.5.6 - Privilege Escalation
Controlled Admin Access < 1.5.6 - Privilege Escalation
The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.
Mögliche Gegenmaßnahme
Controlled Admin Access: Update to version 1.5.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpruby ≫ Controlled Admin Access SwPlatformwordpress Version <= 1.5.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Controlled Admin Access
Version
[*, 1.5.6)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.15% | 0.628 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/
https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt
https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c
https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d