Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus 2.3.1

  • Severity: critical
  • Status: Fixed
  • Publication: December 8, 2021

The PublishPress Capabilities and PublishPress Capabilities Pro WordPress plugins before version 2.3.1 had a security issue that allowed unauthorized people to change settings in the plugin. This could be used to give any new user who registered on the blog an administrator role

Detected in:

PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus fixed vulnerable versions: >= * < 2.3.1
PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus fixed vulnerable versions:
User Role Editor, Access Control, Admin Menus – PublishPress Capabilities fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.