Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus 2.3.2

  • Severity: medium-risk
  • Status: Fixed
  • Publication: January 13, 2022

The PublishPress Capabilities plugin for WordPress is not secure in versions up to 2.3.2. If a user clicks on a link that was sent by an unauthenticated attacker, it could allow them to inject malicious code into the page which would be executed. This is because the plugin does not properly filter or protect against malicious input.

Detected in:

PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus fixed vulnerable versions: >= * <= 2.3.2
PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus fixed vulnerable versions:
User Role Editor, Access Control, Admin Menus – PublishPress Capabilities fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.