CVE-2023-0820: User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF
First published: Mon Apr 03 2023(Updated: )
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bestwebsoft User Role Wordpress | <1.6.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the User Role by BestWebSoft WordPress plugin?
The vulnerability ID for the User Role by BestWebSoft WordPress plugin is CVE-2023-0820.
What is the severity of CVE-2023-0820?
CVE-2023-0820 has a severity score of 8.8, which is considered high.
What does CVE-2023-0820 affect?
CVE-2023-0820 affects the User Role by BestWebSoft WordPress plugin versions up to but excluding 1.6.7.
What is the risk associated with CVE-2023-0820?
CVE-2023-0820 allows for arbitrary privilege escalation of any role in the User Role by BestWebSoft WordPress plugin.
Is there a fix available for CVE-2023-0820?
Yes, updating the User Role by BestWebSoft WordPress plugin to version 1.6.7 or later will fix the vulnerability.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/bestwebsoft
- canonical/bestwebsoft user role wordpress