Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus 1.5.9

  • Severity: high-risk
  • Status: Fixed
  • Publication: June 20, 2018

The PublishPress Capabilities plugin for WordPress has a security vulnerability that affects versions up to, and including, 1.5.8. This vulnerability makes it possible for someone with certain abilities to add extra SQL commands to existing queries. This could be used to extract sensitive information from the database. To protect your website, make sure that you update to the latest version of the PublishPress Capabilities plugin.

Detected in:

PublishPress Capabilities – User Role Editor, Access Permissions, Admin Menus fixed vulnerable versions: >= * < 1.5.9
PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus fixed vulnerable versions:
User Role Editor, Access Control, Admin Menus – PublishPress Capabilities fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.