all InfoSec news
Privilege Escalation Vulnerability Patched Promptly in WP Data Access WordPress Plugin
Malware Analysis, News and Indicators - Latest topics malware.news
On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to grant themselves administrative privileges via a profile update, if the targeted site has the ‘Role Management’ setting enabled.
Wordfence Premium, Care, and Response users received a firewall rule to protect against any exploits targeting this …
access administrative privileges april care data data access disclosure escalation exploits firewall flaw free grant intelligence management plugin premium privilege privilege escalation privileges process profile protect response responsible responsible disclosure role targeting team threat threat intelligence update version vulnerability wordfence wordpress wordpress plugin