Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to Unknown - Automatic User Roles Switcher

cve-2022-3419

Vulnerability from cvelistv5

Published

2022-10-31 00:00

Modified

2024-08-03 01:07

Severity ?

Summary

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

References

▼	URL	Tags
	https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b

Impacted products

Vendor

Product

Version

▼

Unknown

Automatic User Roles Switcher

Version: 1.1.2 < 1.1.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:07:06.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Automatic User Roles Switcher",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.1.2",
              "status": "affected",
              "version": "1.1.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "url": "https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Automatic User Roles Switcher \u003c 1.1.2 - Subscriber+ Privilege Escalation",
      "x_generator": "WPScan CVE Generator"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-3419",
    "datePublished": "2022-10-31T00:00:00",
    "dateReserved": "2022-10-07T00:00:00",
    "dateUpdated": "2024-08-03T01:07:06.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}