Really Simple Security logo

Log out
Get PRO

Latest

Output validation vulnerability in PublishPress Capabilities Pro 2.5.1

  • Severity: high-risk
  • Status: Fixed
  • Publication: October 10, 2022

The PublishPress Capabilities plugin for WordPress is not secure in versions 2.5.1 or earlier. It can be tricked into running malicious code when it tries to process an import file. This could let someone with administrator privileges on the system to delete

Detected in:

PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus fixed vulnerable versions: >= * <= 2.5.1
PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus fixed vulnerable versions:
PublishPress Capabilities Pro fixed vulnerable versions: >= * <= 2.5.1
User Role Editor, Access Control, Admin Menus – PublishPress Capabilities fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.