← back
CVE-2022-3911

iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin

CVSS 8.8 HIGHEPSS 0.5%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Jan 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H