CVE-2021-4360

Published: Jun 7, 2023Modified: Apr 8, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.

Affected (1)

Products: Wpruby: Controlled Admin Access

1 product

Controlled Admin Access

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpruby Controlled Admin Access	Up to 1.5.5

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/

Source: security@wordfence.com

Exploit

https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt

Source: security@wordfence.com

Release Notes

https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c

Source: security@wordfence.com

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve

Source: security@wordfence.com

Third Party Advisory

https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.