WordPress Multiple Themes Privilege Escalation

OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C6 CWE-269 WASC-17 WSTG-ATHZ-03

Privilege escalation is a class of vulnerability in which a user or process gains access to resources that should be protected from it. When an application is granted, or grants itself, more privilege than its callers are entitled to, a low-privileged user can abuse it to perform unauthorized actions. Older versions of several WordPress themes had this weakness: because the theme's option-update handler performed weak (or no) permission checking, any authenticated user, including a subscriber, could trigger it and modify site options such as:

  1. the default role assigned to new users
  2. whether open user registration is enabled, and similar site-wide settings
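The following is an added illustration of the weak-permission pattern described above, not code taken from any particular theme. It assumes a theme that saves its settings from an `admin_init` handler (a common theme pattern; `admin_init` fires for every user who can load any wp-admin page, including subscribers on their profile page). The function and request parameter names (`example_theme_*`) are hypothetical; the option names `default_role` and `users_can_register` are the real WordPress options behind the two items listed above.

```php
<?php
/*
 * Illustration only (not a specific theme's code).
 * Two handlers are shown side by side for comparison; a real theme
 * would ship only the hardened one.
 */

// --- Vulnerable pattern (assumed shape of the weak permission check) ---
function example_theme_save_options_vulnerable() {
    if ( isset( $_POST['example_theme_option'], $_POST['example_theme_value'] ) ) {
        // No capability check, no nonce, no restriction on the key.
        // Any logged-in user who can reach wp-admin (e.g. a subscriber on
        // profile.php) can POST example_theme_option=default_role &
        // example_theme_value=administrator, or users_can_register=1.
        update_option( $_POST['example_theme_option'], $_POST['example_theme_value'] );
    }
}
add_action( 'admin_init', 'example_theme_save_options_vulnerable' );

// --- Hardened form ---
function example_theme_save_options_hardened() {
    if ( ! isset( $_POST['example_theme_option'], $_POST['example_theme_value'] ) ) {
        return;
    }

    // 1. Capability check: only users allowed to manage site options proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }

    // 2. Nonce check: an administrator cannot be CSRF'd into the write.
    //    check_admin_referer() dies with an error page if the nonce is bad.
    check_admin_referer( 'example_theme_save_options', 'example_theme_nonce' );

    // 3. Allow-list: only the theme's own option keys, never an arbitrary
    //    key such as default_role or users_can_register.
    $allowed = array( 'example_theme_accent_color', 'example_theme_layout' );
    $key     = sanitize_key( wp_unslash( $_POST['example_theme_option'] ) );
    if ( ! in_array( $key, $allowed, true ) ) {
        return;
    }

    $value = sanitize_text_field( wp_unslash( $_POST['example_theme_value'] ) );
    update_option( $key, $value );
}
add_action( 'admin_init', 'example_theme_save_options_hardened' );
```

To check whether a theme follows the vulnerable pattern, log in as a subscriber and submit the theme's option-save request against a page the subscriber can load, such as wp-admin/profile.php, using the theme's own parameter names; if `get_option( 'default_role' )` changes afterwards, the handler is missing the capability check. Note that sanitising the key alone would not have fixed the vulnerable handler: `default_role` is already a valid key, so the capability check and the allow-list are what close the hole.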

Impact

The impact includes:

  • Losing administrative control of the site (for example, if the default role for new registrations is set to administrator and open registration is enabled)
  • Possible data breach
  • Possible data manipulation

Mitigation / Precaution

  • Update WordPress and all installed themes and plugins to their latest versions; the affected theme versions are the older ones.
  • Theme and plugin developers should gate every option write behind a capability check (for example `current_user_can( 'manage_options' )`) and a nonce, and should accept only the option keys the theme itself owns rather than an arbitrary key supplied in the request.
