CVE-2023-3636
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-3636 is a privilege escalation vulnerability affecting the WP Project Manager plugin for WordPress. In versions up to 2.6.4, the 'save_users_map_name' function lacks sufficient restrictions, allowing authenticated attackers, including those with minimal permissions like subscribers, to modify their user role by manipulating the 'usernames' parameter. This vulnerability poses a security risk, as unauthorized users could gain elevated access to a WordPress site. Updates to the plugin addressing this issue are recommended for all users to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Wedevs Wp Project Manager
Affected Vendors
- weDevs