WordPress Plugin Vulnerabilities

WP Project Manager < 2.6.5 - Subscriber+ Privilege Escalation

Description

The plugin does not have authorisation and does not properly check for the user metadata to be updated via the save_users_map_name() function, allowing any authenticated users, such as subscriber to update their role and gain administrator privileges

Affects Plugins

Plugin icon
wedevs-project-manager
Fixed in 2.6.5

References

CVE
CVE-2023-3636
URL
https://www.wordfence.com/blog/2023/08/wedevs-addresses-privilege-escalation-vulnerability-in-wp-project-manager-wordpress-plugin/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Lana Codes, Chloe Chamberland
Verified
No
WPVDB ID
0627f51b-b318-47f7-89d8-80295684034f

Timeline

Publicly Published
2023-08-09 (about 9 months ago)
Added
2023-08-10 (about 9 months ago)
Last Updated
2023-08-10 (about 9 months ago)

Other

Published
Title
Published
2022-07-06
Title
Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation
Published
2020-02-17
Title
wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation
Published
2019-05-31
Title
WP Live Chat Support < 8.0.33 - Missing Permission Checks on some REST API Calls
Published
2020-05-13
Title
Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search Console Access
Published
2021-07-20
Title
HM Multiple Roles < 1.3 - Arbitrary Role Change