8.8

CVE-2023-3636

WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter.
Mögliche Gegenmaßnahme
Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker: Update to version 2.6.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WedevsWp Project Manager SwPlatformwordpress Version < 2.6.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker
Version *-2.6.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.69% 0.479
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://plugins.trac.wordpress.org/browser/wedevs-project-manager/tags/2.6.3/src/User/Controllers/User_Controller.php#L158
Product
https://plugins.trac.wordpress.org/changeset/2942291/wedevs-project-manager#file1792
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/6a5e4708-db3e-483c-852f-1a487825cf92?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/6a5e4708-db3e-483c-852f-1a487825cf92
Third Party Advisory