CVE-2022-3419

Published: Oct 31, 2022Modified: May 6, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

Affected (1)

Products: Addify: Automatic User Roles Switcher

Addify

1 product

Automatic User Roles Switcher

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Addify Automatic User Roles Switcher	Before 1.1.2

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/5909a423-9841-449c-a569-f687c609817b

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.