CVE-2021-24602

CVE-2021-24602: HM Multiple Roles < 1.3 - Arbitrary Role Change

Vendor Unknown
Product HM Multiple Roles
Weakness CWE-269
Published August 23, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

Key dates

02Disclosure timeline

August 23, 2021 CVE published
August 3, 2024 Record updated