CVE-2021-4360
Controlled Admin Access < 1.5.6 - Privilege Escalation
| CVSS Score | 9.9 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.
| CWE | CWE-284 |
| Vendor | waseem_senjer |
| Product | controlled admin access |
| Published | Jun 7, 2023 |
| Last Updated | Apr 8, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
waseem_senjer / Controlled Admin Access
0 < 1.5.6
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve
blog.nintechnet.com: https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/
plugins.svn.wordpress.org: https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt
wpscan.com: https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c
Credits
Jerome Bruandet