Vulnerability CVE-2023-0820
Published: 2023-04-03

Description:
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.

Type:

CWE-352

 (Cross-Site Request Forgery (CSRF))

 References:
https://wpscan.com/vulnerability/b93d9f9d-0fd9-49b8-b465-d32b95351912
Copyright 2026, cxsecurity.com

 

Back to Top