The User Role Editor plugin for WordPress has a security flaw that could allow anyone who is logged in to the system to give themselves the administrator role. This vulnerability is present in versions up to 4.24 and is caused by the ‘update’ function not checking for the correct authorization.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
