Headline
CVE-2022-45069: WordPress Crowdsignal Dashboard plugin <= 3.0.9 - Privilege Escalation vulnerability - Patchstack
Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.
Verified
Fixed
6.3
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 3.0.9
PSID
f282810db26a
Classification
Privilege Escalation
OWASP Top 10
A2: Broken Authentication
Required privilege
Requires contributor or higher role user authentication.
Publicly disclosed
2022-11-17
Details
Privilege Escalation vulnerability discovered by Nosa “apapedulimu” Shandy (Patchstack Alliance) in the WordPress Crowdsignal Dashboard plugin (versions <= 3.0.9).
Solution
Update the WordPress Polldaddy Polls & Ratings plugin to the latest available version (at least 3.0.10).
References
Changeset Changeset