cleantalk
Vulnerabilities and Security Researches

Multiple Roles, CVE-2021-4402

CVE, Research URL

CVE-2021-4402

Home page URL

Security reports for Multiple Roles

Application

Multiple Roles

Published on
Jul 01, 2023
Research Description
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes it possible for unauthenticated attackers to add additional roles to users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.3.2.
Status
vulnerable
Previous vulnerability researches
Multiple Roles per User (CVE-2025-11620) , Dec 11, 2025
HM Multiple Roles (CVE-2022-4974) , Nov 15, 2024
HM Multiple Roles (e0ced8390daf806f54b9f4a1542719af14d54b4a) , Jun 16, 2026
HM Multiple Roles (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
HM Multiple Roles (661d3ede59a4c35b13b428b41eac91ad993f33cf) , Jun 16, 2026
New vulnerability
Crowdsignal Dashboard – Polls, Surveys & more (b732c59dbc8814112a721c04961233c80cbdd4e3) , Jun 16, 2026
Crowdsignal Dashboard – Polls, Surveys & more (5863cd07827046fb85842e7b72c73715b49ad21e) , Jun 16, 2026
Crowdsignal Dashboard – Polls, Surveys & more (cf3e7f88-e35c-4367-bbc9-4594e4e93b4d) , Jun 16, 2026
Crowdsignal Dashboard – Polls, Surveys & more (e1e608d932ae973dc4f9915f88c48ced7eb74add) , Jun 16, 2026
Crowdsignal Dashboard – Polls, Surveys & more (a79df87447b00d8aabcd06ebdd31682481b0a0e4) , Jun 16, 2026