CVE-2023-3636

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 31, 2023
Updated: Nov 7, 2023

Summary

CVE-2023-3636 is a privilege escalation vulnerability affecting the WP Project Manager plugin for WordPress. In versions up to 2.6.4, the 'save_users_map_name' function lacks sufficient restrictions, allowing authenticated attackers, including those with minimal permissions like subscribers, to modify their user role by manipulating the 'usernames' parameter. This vulnerability poses a security risk, as unauthorized users could gain elevated access to a WordPress site. Updates to the plugin addressing this issue are recommended for all users to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Wedevs Wp Project Manager

Affected Vendors

  • weDevs