Published: 12/04/2023 Updated: 07/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update. This requires the 'Enable role management' setting to be enabled for the site.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wpdataaccess wp data access

WordPress WP Data Access plugin versions 537 and below suffer from a privilege escalation vulnerability ...

https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles/WPDA_Roles.php#L23 https://www.wordfence.com/threat-intel/vulnerabilities/id/8f562e33-2aef-46f0-8a65-691155ede9e7?source=cve https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles/WPDA_Roles.php#L50 https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.7/WPDataRoles/WPDA_Roles.php#L50 http://packetstormsecurity.com/files/171825/WordPress-WP-Data-Access-5.3.7-Privilege-Escalation.html https://nvd.nist.gov https://packetstormsecurity.com/files/171825/WordPress-WP-Data-Access-5.3.7-Privilege-Escalation.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-1874

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect