Description
WordPress Plugin User Role Editor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions by gaining administrator access. WordPress Plugin User Role Editor version 4.24 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.25 or latest
References
https://www.wordfence.com/blog/2016/04/user-role-editor-vulnerability/
Related Vulnerabilities
WordPress Plugin GiveWP-Donation and Fundraising Platform Multiple Vulnerabilities (2.20.2)
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)
WebLogic Improper Certificate Validation Vulnerability (CVE-2020-9488)
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5495)