CVE-2023-1874

moderate-risk
Published 2023-04-12

The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update. This requires the 'Enable role management' setting to be enabled for the site.

Do I need to act?

~
4.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / HIGH complexity

Affected Products (1)

Wp Data Access

Affected Vendors

Wpdataaccess

References (10)

Not Applicable https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.7/WPDataRoles...
Not Applicable https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles...
Not Applicable https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles...
https://www.wordfence.com/blog/2023/04/privilege-escalation-vulnerability-patche...
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/8f562e33-2aef-46f0-8a6...
Third Party Advisory http://packetstormsecurity.com/files/171825/WordPress-WP-Data-Access-5.3.7-Privi...
Not Applicable https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.7/WPDataRoles...
Not Applicable https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles...
Not Applicable https://plugins.trac.wordpress.org/browser/wp-data-access/tags/5.3.8/WPDataRoles...
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/8f562e33-2aef-46f0-8a6...
35
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 8/34 · Low
Exposure 5/34 · Minimal