Vulnerabilities and security researches forpremmerce-user-roles premmerce-user-roles

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Premmerce User Roles
Application: Premmerce User Roles
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-41130
Home page URL: Security reports for Premmerce User Roles
Application: Premmerce User Roles
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Premmerce Premmerce User Roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through 1.0.12.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 0862e587283005ab732aedc4131cd120637b6797
Home page URL: Security reports for Premmerce User Roles
Application: Premmerce User Roles
Date: Feb 28, 2022
Research Description: Premmerce User Roles [premmerce-user-roles] < 1.0.11 WordPress Premmerce User Roles plugin <= 1.0.10 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Premmerce User Roles plugin (versions <= 1.0.10).
Affected versions: Min -, max -.
Status: vulnerable