8.8
CVE-2023-0820
- EPSS 0.41%
- Veröffentlicht 03.04.2023 15:15:18
- Zuletzt bearbeitet 14.02.2025 17:15:13
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginUser Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF
User Role by BestWebSoft <= 1.6.6 - Cross-Site Request Forgery to Privilege Escalation
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.
Mögliche Gegenmaßnahme
User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress: Update to version 1.6.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bestwebsoft ≫ User Role SwPlatformwordpress Version < 1.6.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress
Version
*-1.6.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.326 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/b93d9f9d-0fd9-49b8-b465-d32b95351912
https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4bc525-a21f-46f2-895a-c8474f72eb92