The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have…
WPScan·CWE-352·Published 2022-01-10
The PublishPress Capabilities WordPress plugin before 2.3.1 and PublishPress Capabilities Pro WordPress plugin before 2.3.1 do not perform authorisation or CSRF checks when updating the plugin's settings via the init hook, and do not verify that the options being updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role, so that any newly registered user is given the administrator role.
The PublishPress Capabilities WordPress plugin before 2.3.1 and the PublishPress Capabilities Pro WordPress plugin before 2.3.1 do not perform authorisation and CSRF checks when the plugin's settings are updated via the init hook, and do not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role, and make any newly registered user have an administrator role.
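The description names three missing controls in a settings handler hooked into WordPress: a capability (authorisation) check, a CSRF nonce check, and a check that the submitted option names are the plugin's own. The PHP below is an added illustration written for this page; it is not PublishPress code and does not reproduce the plugin's handler. The function names, the `myplugin_*` option names and the `options` / `myplugin_save` request fields are assumed for the example. It shows the generic unsafe shape the advisory describes next to a hardened handler that applies all three controls.

```php
<?php
// Added illustration for this advisory, not PublishPress code.
// All names below (myplugin_*, the 'options' and 'myplugin_save' fields) are assumed.

// Unsafe pattern of the kind the advisory describes: a handler on the 'init' hook
// (which runs for every request, authenticated or not) that writes whatever option
// names arrive in the request. There is no capability check, no nonce check and no
// check that the option belongs to the plugin, so a core option such as default_role
// can be overwritten by any request that reaches the site.
function myplugin_unsafe_save_settings() {
    if ( ! empty( $_POST['myplugin_save'] ) && isset( $_POST['options'] ) ) {
        foreach ( (array) $_POST['options'] as $name => $value ) {
            update_option( $name, $value );
        }
    }
}
// add_action( 'init', 'myplugin_unsafe_save_settings' );

// Hardened handler: same feature, with the three missing controls.
// Allowlist of the plugin's own options and the type each one must have.
const MYPLUGIN_ALLOWED_OPTIONS = array(
    'myplugin_enable_feature' => 'boolean',
    'myplugin_max_items'      => 'integer',
);

function myplugin_safe_save_settings() {
    if ( empty( $_POST['myplugin_save'] ) ) {
        return;
    }

    // 1. Authorisation: only users who may manage site options can change settings.
    //    This must be checked even on admin hooks, since admin-ajax.php also fires them.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }

    // 2. CSRF: the request must carry a nonce issued for this specific action
    //    (emitted in the form with wp_nonce_field( 'myplugin_save_settings' )).
    $nonce = isset( $_POST['_wpnonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'myplugin_save_settings' ) ) {
        return;
    }

    // 3. Ownership: iterate the allowlist, never the request, so only options this
    //    plugin declares are written, and each value is coerced to its declared type.
    $submitted = ( isset( $_POST['options'] ) && is_array( $_POST['options'] ) )
        ? wp_unslash( $_POST['options'] )
        : array();

    foreach ( MYPLUGIN_ALLOWED_OPTIONS as $name => $type ) {
        if ( ! array_key_exists( $name, $submitted ) ) {
            continue;
        }
        $value = ( 'integer' === $type )
            ? absint( $submitted[ $name ] )
            : ! empty( $submitted[ $name ] );
        update_option( $name, $value );
    }
}
// Register on admin_init rather than init so the handler does not run on front-end
// requests at all; the capability and nonce checks above are still required.
add_action( 'admin_init', 'myplugin_safe_save_settings' );
```

The ownership check is the one most often overlooked: looping over a fixed allowlist instead of over the request means an attacker-controlled key such as `default_role` is simply never consulted, regardless of how the other two checks fare. When reviewing a plugin for this class of issue, look for `update_option()` calls whose first argument comes from request data, and for settings handlers attached to `init` rather than an admin-only hook.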
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.5 | 10.0 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 3.1 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |