CVE-2023-0820

User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF

CVSS 8.8 HIGHEPSS 0.4%CWE-352

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

03 Apr 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Unknown · User Role by BestWebSoft

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/b93d9f9d-0fd9-49b8-b465-d32b95351912