cleantalk
Vulnerabilities and Security Research

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including Use, 1e5e11558113028f36d2378e9333ef8cce6f0104

Published on
Jun 28, 2023
Research Description
WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars [wp-post-author] < 3.3.0
WP Post Author <= 3.2.3 - Privilege Escalation

The WP Post Author plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.2.3. This is due to insufficient controls on the /set-user-data REST API endpoint. This makes it possible for authenticated attackers to set their user role to administrator and gain complete access to the site. Attackers can easily obtain authenticated access using the /v1/frontend/register-user REST API endpoint, even when registration is disabled on the site.
Affected versions
max 3.3.0.
Status
vulnerable
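As an added detection example (not part of this advisory or of the plugin's code): a Python script that scans web-server access logs for the two REST endpoints named in the description and rates a self-registration followed shortly by a set-user-data call from the same client as high severity, with any other call to either endpoint flagged for review. The /wp-json/wp-post-author/ route prefix in the constructed sample lines is an assumption; matching keys on the endpoint path suffixes only.

```python
import re
from datetime import datetime

# Constructed sample access-log lines (combined log format), not real traffic.
# The "/wp-json/wp-post-author/" prefix is assumed; detection keys on the
# endpoint names from the advisory, so only the path suffix matters.
SAMPLE_LOG = """\
192.0.2.5 - - [28/Jun/2023:09:00:00 +0000] "POST /wp-json/wp-post-author/v1/frontend/register-user HTTP/1.1" 200 87 "-" "curl/8.0"
203.0.113.10 - - [28/Jun/2023:10:00:01 +0000] "POST /wp-json/wp-post-author/v1/frontend/register-user HTTP/1.1" 200 87 "-" "curl/8.0"
203.0.113.10 - - [28/Jun/2023:10:00:05 +0000] "POST /wp-json/wp-post-author/set-user-data HTTP/1.1" 200 23 "-" "curl/8.0"
198.51.100.7 - - [28/Jun/2023:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 4102 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Jun/2023:10:02:00 +0000] "POST /wp-json/wp-post-author/set-user-data HTTP/1.1" 200 23 "-" "Mozilla/5.0"
192.0.2.5 - - [28/Jun/2023:10:30:00 +0000] "POST /wp-json/wp-post-author/set-user-data HTTP/1.1" 200 23 "-" "curl/8.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
REGISTER = "/v1/frontend/register-user"   # self-registration endpoint named in the advisory
SET_USER_DATA = "/set-user-data"          # endpoint with insufficient role controls

def parse(log_text):
    """Yield (ip, time, method, path) for each well-formed combined-log line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield (m["ip"], datetime.strptime(m["ts"], TS_FMT),
                   m["method"], m["path"].split("?", 1)[0])

def analyze(log_text, window_seconds=600):
    """Return (ip, severity, reason) findings. A register-user call followed by
    set-user-data from the same client within window_seconds is rated high;
    any other call to either endpoint is rated medium for manual review."""
    findings, last_register = [], {}
    for ip, when, method, path in parse(log_text):
        if method != "POST":
            continue
        if path.endswith(REGISTER):
            last_register[ip] = when
            findings.append((ip, "medium", "self-registration via plugin endpoint"))
        elif path.endswith(SET_USER_DATA):
            reg = last_register.get(ip)
            if reg is not None and (when - reg).total_seconds() <= window_seconds:
                findings.append((ip, "high", "register-user then set-user-data"))
            else:
                findings.append((ip, "medium", "set-user-data call; verify the user's role"))
    return findings
```

Calling `analyze(SAMPLE_LOG)` on the constructed lines yields one high finding for 203.0.113.10 and medium findings for the remaining endpoint hits; the 192.0.2.5 pair falls outside the default ten-minute window and is only flagged for review.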