CVE-2023-0820

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the User Role WordPress plugin lets an attacker escalate the privileges of any user role without holding credentials of their own. The attacker tricks an authenticated administrator's browser into sending the role-update request, potentially granting the attacker administrative access. All WordPress sites running a vulnerable version of this plugin are affected.

💻 Affected Systems

Products:
  • User Role by BestWebSoft WordPress Plugin
Versions: All versions before 1.6.7
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and activated. WordPress sites with administrator accounts are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover where attackers gain administrative privileges, install backdoors, steal data, or deface the website.

🟠 Likely Case

Attackers gain elevated privileges to modify content, create new admin accounts, or install malicious plugins/themes.

🟢 If Mitigated

With proper CSRF protections and user awareness, exploitation requires social engineering and may be detected before damage occurs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated administrator into clicking a malicious link or visiting a compromised page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.7

Vendor Advisory: https://wordpress.org/plugins/user-role/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'User Role' plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.6.7+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable Plugin (applies to: all)

Temporarily disable the vulnerable plugin until patching is possible:

wp plugin deactivate user-role

Implement CSRF Protection (applies to: all)

Add WordPress nonce verification to role capability update requests.
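The following is an added illustration of what that workaround means in code; it is not the User Role plugin's own code and nothing here is from BestWebSoft. It shows the shape of an admin-ajax role-capability handler with and without CSRF protection. The AJAX action name `update_role_capabilities` is a placeholder taken from the SIEM query on this page, and the function names and the POST fields `role` and `caps` are assumptions. It is a plugin fragment that runs inside WordPress, not a stand-alone script.

```php
<?php
// Added illustration, not code from the User Role plugin or BestWebSoft.
// Assumed (hypothetical) names: the AJAX action 'update_role_capabilities'
// (placeholder matching the SIEM query on this page), both function names,
// and the POST fields 'role' and 'caps'. Runs inside WordPress only.

// BEFORE (vulnerable pattern): anything that reaches this handler with an
// administrator's cookies is honoured. A form on an unrelated site can
// auto-submit to admin-ajax.php, so the admin's session does the work;
// neither the origin of the request nor the user's rights are checked.
function hypothetical_update_role_capabilities_unsafe() {
    $role = get_role( sanitize_key( $_POST['role'] ?? '' ) );
    if ( ! $role ) {
        wp_send_json_error( 'unknown role' );
    }
    foreach ( (array) ( $_POST['caps'] ?? array() ) as $cap => $granted ) {
        $cap = sanitize_key( $cap );
        $granted ? $role->add_cap( $cap ) : $role->remove_cap( $cap );
    }
    wp_send_json_success();
}

// AFTER (hardened): a nonce tied to this action and to the current user's
// session, then an explicit capability check. check_ajax_referer() ends the
// request with a 403 when the nonce is absent or stale, which is the
// "failed CSRF token validation" a log review can look for.
function hypothetical_update_role_capabilities_safe() {
    check_ajax_referer( 'update_role_capabilities', '_ajax_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    $role = get_role( sanitize_key( $_POST['role'] ?? '' ) );
    if ( ! $role ) {
        wp_send_json_error( 'unknown role', 400 );
    }
    foreach ( (array) ( $_POST['caps'] ?? array() ) as $cap => $granted ) {
        $cap = sanitize_key( $cap );
        $granted ? $role->add_cap( $cap ) : $role->remove_cap( $cap );
    }
    wp_send_json_success();
}
// Only the hardened handler is registered; the unsafe one is shown for contrast.
add_action( 'wp_ajax_update_role_capabilities', 'hypothetical_update_role_capabilities_safe' );

// The matching nonce is minted on the settings page that renders the form
// (wp_nonce_field) or handed to the page's script via wp_create_nonce(), so
// the browser includes it as the '_ajax_nonce' field of the POST. A page on
// another origin cannot read this value, which is what breaks the CSRF.
function hypothetical_render_role_form() {
    echo '<form method="post" class="js-role-form">';
    wp_nonce_field( 'update_role_capabilities', '_ajax_nonce' );
    // ... role and capability inputs go here ...
    echo '</form>';
}
```

The nonce alone is not sufficient: it proves the request came from a page this user loaded, while `current_user_can()` proves the user is allowed to edit roles at all. Both checks belong in every handler that changes capabilities.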

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block CSRF attacks targeting role capability updates
  • Educate administrators about phishing risks and implement strict access controls for admin accounts

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is below 1.6.7, you are vulnerable.

Check Version:

wp plugin get user-role --field=version

Verify Fix Applied:

Confirm plugin version is 1.6.7 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual role capability modifications
  • Multiple failed CSRF token validations
  • Administrative actions from unexpected IP addresses

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with role update parameters without proper referrer headers

SIEM Query:

source="wordpress.log" AND ("action=update_role_capabilities" OR "user_role_plugin") AND status!=200
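As an added example (not part of the advisory and not plugin code), the script below turns the network indicator above into a check that can be run offline over web-server access logs in the common "combined" format, which records the Referer of each request. It flags POSTs to `/wp-admin/admin-ajax.php` that carry a role-update action and arrive with no Referer or with an off-site one. The site host `example.com`, the action name `update_role_capabilities` (a placeholder matching the SIEM query), and the four log lines are all constructed for the example.

```php
<?php
// Added detection sketch, not part of the advisory or the plugin.
// Assumptions: site host 'example.com', the action name
// 'update_role_capabilities' (placeholder matching this page's SIEM query),
// and constructed sample log lines. Run with: php scan.php

const SITE_HOST    = 'example.com';
const ROLE_ACTIONS = array( 'update_role_capabilities' );

// Combined log format: ip ident user [time] "method target proto" status bytes "referer" "ua"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

function parse_log_line( string $line ): ?array {
    if ( ! preg_match( LOG_RE, $line, $m ) ) {
        return null; // not a combined-format line; skip it
    }
    return array(
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'target'  => $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
    );
}

// Returns a reason string when the request matches the CSRF pattern, else null.
function csrf_suspicion( array $req ): ?string {
    if ( $req['method'] !== 'POST' ) {
        return null;
    }
    $url = parse_url( $req['target'] );
    if ( ( $url['path'] ?? '' ) !== '/wp-admin/admin-ajax.php' ) {
        return null;
    }
    parse_str( $url['query'] ?? '', $query );
    if ( ! in_array( $query['action'] ?? '', ROLE_ACTIONS, true ) ) {
        return null;
    }
    // A legitimate role edit is submitted from the plugin's own admin page,
    // so its Referer is same-site. No Referer, or one from another host,
    // is the pattern a cross-site submission leaves behind.
    if ( $req['referer'] === '-' || $req['referer'] === '' ) {
        return 'role update without Referer';
    }
    $ref_host = (string) parse_url( $req['referer'], PHP_URL_HOST );
    if ( strcasecmp( $ref_host, SITE_HOST ) !== 0 ) {
        return 'role update with off-site Referer ' . $req['referer'];
    }
    return null;
}

function scan_log( array $lines ): array {
    $hits = array();
    foreach ( $lines as $line ) {
        $req = parse_log_line( $line );
        if ( $req === null ) {
            continue;
        }
        $why = csrf_suspicion( $req );
        if ( $why !== null ) {
            $hits[] = sprintf( '%s %s status=%d %s', $req['time'], $req['ip'], $req['status'], $why );
        }
    }
    return $hits;
}

// Constructed sample lines: a legitimate edit from the plugin's admin page, a
// submission with no Referer, one from a foreign page (its 403 is also what a
// rejected nonce produces once the fix is in place), and unrelated traffic.
$sample = array(
    '203.0.113.5 - - [10/Feb/2023:14:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=update_role_capabilities HTTP/1.1" 200 15 "https://example.com/wp-admin/admin.php?page=user-role" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Feb/2023:14:07:42 +0000] "POST /wp-admin/admin-ajax.php?action=update_role_capabilities HTTP/1.1" 200 15 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Feb/2023:14:09:03 +0000] "POST /wp-admin/admin-ajax.php?action=update_role_capabilities HTTP/1.1" 403 2 "https://attacker.invalid/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Feb/2023:14:10:00 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
);

foreach ( scan_log( $sample ) as $hit ) {
    echo $hit, PHP_EOL; // the second and third sample lines are reported
}
```

Referer-based checks are a triage signal, not proof: browsers and privacy extensions strip the header in some configurations, and the action name must be replaced with the real parameter the installed plugin uses, which can be read from the browser's network panel while performing a legitimate role edit. Pair the result with the role-capability change records the site itself keeps.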

🔗 References
