Description
WordPress Plugin User Role Editor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions by gaining administrator access. WordPress Plugin User Role Editor version 4.24 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 4.25 or the latest version.
References
https://www.wordfence.com/blog/2016/04/user-role-editor-vulnerability/