[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHKHcNmdFqxKjSFbEP4nJADNEmGb5uAcHnVatBQwPL3M":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":9,"research_verified":22,"research_rounds_completed":23,"research_plan":9,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":9,"research_started_at":9,"research_completed_at":9,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":22,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":22,"source_links":24},"WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author","wp-post-author-privilege-escalation","WP Post Author \u003C= 3.2.3 - Privilege Escalation","The WP Post Author plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.2.3. This is due to insufficient controls on the \u002Fset-user-data REST API endpoint. This makes it possible for authenticated attackers to set their user role to administrator and gain complete access to the site. Attackers can easily obtain authenticated access using the \u002Fv1\u002Ffrontend\u002Fregister-user REST API endpoint, even when registration is disabled on the site.","wp-post-author",null,"\u003C=3.2.3","3.3.0","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Privilege Management","2023-06-28 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F155e3de1-e115-4683-bb4d-a0c5667dc3d3?source=api-prod",209,[],false,0,{"type":25,"vulnerable_version":9,"fixed_version":9,"vulnerable_browse":9,"vulnerable_zip":9,"fixed_browse":9,"fixed_zip":9,"all_tags":26},"plugin","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-post-author\u002Ftags"]