CVE-2022-3419
Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
31 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products
Unknown · Automatic User Roles SwitcherWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →