CVE-2023-3636

8.8 HIGH

📋 TL;DR

The WP Project Manager WordPress plugin, up to and including version 2.6.4, contains a privilege escalation vulnerability. An authenticated attacker with as little as subscriber-level access can change their own user role and obtain administrator privileges. Every WordPress site running an affected version of the plugin is exposed.

💻 Affected Systems

Products:
  • WP Project Manager WordPress Plugin
Versions: Up to and including 2.6.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the WP Project Manager plugin enabled. Any authenticated user (including subscribers) can exploit this vulnerability.


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains full administrative access to the WordPress site, allowing them to install malicious plugins/themes, modify content, steal data, or take complete control of the site.

🟠

Likely Case

Attackers elevate their privileges to administrator level, then install backdoors, create new admin accounts, or modify site content for malicious purposes.

🟢

If Mitigated

With the plugin updated to 2.6.5 or later (or deactivated), the role change can no longer be performed. Where patching is delayed, monitoring of user role changes and of the admin-ajax action involved allows an attempt to be caught before the newly obtained administrator access is used.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated account, but only the lowest default role (subscriber) is needed. The vulnerability is well documented and a public proof of concept is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.5 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2942291/wedevs-project-manager

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'WP Project Manager' and check whether an update is available.
4. Click 'Update Now' to upgrade to version 2.6.5 or later.
5. Confirm that the plugin now reports version 2.6.5 or higher, then review the Users list for administrator accounts you do not recognise: updating closes the hole but does not undo an escalation that already happened.

🔧 Temporary Workarounds

Disable vulnerable plugin

Applies to: all

Temporarily deactivate the WP Project Manager plugin until it can be updated:

wp plugin deactivate wedevs-project-manager

Restrict user registration

Applies to: all

Disable new user registration (Settings → General, untick "Anyone can register") so that an attacker cannot self-register the subscriber account the exploit needs. This does not protect against accounts that already exist; review those separately.

🧯 If You Can't Patch

  • Deactivate the WP Project Manager plugin entirely until patching is possible
  • Remove or restrict low-privilege accounts you do not need and turn off open registration, since any authenticated user can exploit this
  • Monitor user role changes and review the administrator list regularly; treat any unexpected administrator as a sign of compromise

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel → Plugins → Installed Plugins → WP Project Manager version. If the version is 2.6.4 or lower, the site is vulnerable. Compare version numbers component by component, not as strings, so that a later release with a two-digit component is not mistaken for an older one.

Check Version:

wp plugin get wedevs-project-manager --field=version

Verify Fix Applied:

After updating, verify WP Project Manager plugin shows version 2.6.5 or higher in WordPress admin panel.
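The version check above, written out as a small script. This is an added example and not code from the advisory or from the plugin vendor; it assumes the fixed release is 2.6.5 (as stated above) and the plugin slug wedevs-project-manager (as used in the wp-cli commands above). The `wp` call at the bottom needs a live site, but the comparison and header-parsing helpers run anywhere, and the comparison is done numerically so that a hypothetical 2.6.10 is correctly ranked above 2.6.5.

```python
"""Version check for CVE-2023-3636 (WP Project Manager <= 2.6.4).

Added example, not from the advisory or the plugin vendor. It assumes
the fixed version is 2.6.5 (from the advisory above) and that the
plugin is installed under the slug wedevs-project-manager.
"""
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "2.6.5"
PLUGIN_SLUG = "wedevs-project-manager"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.6.4' (or '2.6.4-beta1') into a comparable tuple of ints.

    A plain string comparison would rank '2.6.10' below '2.6.4', which is
    exactly the mistake that makes a site look patched when it is not.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is below the first fixed release."""
    return parse_version(version) < parse_version(fixed)


def version_from_plugin_header(header_text: str) -> Optional[str]:
    """Extract 'Version: x.y.z' from a WordPress plugin file header.

    Useful when wp-cli is not available and you only have the plugin's
    main PHP file (every WordPress plugin declares its version this way).
    """
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def installed_version_via_wpcli(site_path: str = ".") -> str:
    """Ask wp-cli for the installed plugin version (requires a live site)."""
    out = subprocess.check_output(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version",
         f"--path={site_path}"],
        text=True,
    )
    return out.strip()


if __name__ == "__main__":
    v = installed_version_via_wpcli()
    state = "VULNERABLE" if is_vulnerable(v) else "patched"
    print(f"{PLUGIN_SLUG} {v}: {state} (fixed in {FIXED_VERSION})")
```

Run it from the WordPress document root (or pass the site path) on a host where wp-cli is installed; on a box without wp-cli, feed the plugin's main PHP file to `version_from_plugin_header` and pass the result to `is_vulnerable`.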

📡 Detection & Monitoring

Log Indicators:

  • User role changes in WordPress audit/activity logs, especially a subscriber becoming an administrator without an administrator performing the change
  • Repeated requests to the vulnerable action from the same low-privilege account, whether or not a role change followed
  • Newly created or newly promoted administrator accounts that no administrator recognises

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php carrying the 'save_users_map_name' action (the action travels in the POST body, so a plain web-server access log shows only the URL; a WAF or application-level log is needed to see it)
  • Requests containing the 'usernames' parameter from low-privilege accounts

SIEM Query:

source="wordpress" AND (action="save_users_map_name" OR parameter="usernames") AND user_role="subscriber"
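The two indicator groups above, turned into runnable detection logic over sample records. This is an added example, not part of the advisory. It assumes an application-level source (a WordPress audit/activity log or a WAF that records POST fields) exported as JSON lines, and the field names (`event`, `params`, `user_role`, `actor`, `actor_role`) are assumptions that must be mapped to whatever your source actually emits, just as the field names in the SIEM query above are. The sample log is constructed for the example and is not real traffic. The action and parameter names come from the advisory.

```python
"""Detection logic for the CVE-2023-3636 indicators listed above.

Added example, not part of the advisory. It assumes an application-level
log (WordPress audit/activity plugin or a WAF that records POST fields)
exported as JSON lines with the field names used below; a plain web
server access log does not contain the POST body, so the 'action' of an
admin-ajax.php request is not visible there.
"""
import json
from typing import Dict, Iterable, List

AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"
SUSPECT_ACTION = "save_users_map_name"   # from the advisory
SUSPECT_PARAM = "usernames"              # from the advisory
PRIVILEGED_ROLES = {"administrator"}

# Constructed sample records (not real traffic). Field names are assumptions.
SAMPLE_LOG = """\
{"event":"request","method":"POST","path":"/wp-admin/admin-ajax.php","params":{"action":"save_users_map_name","usernames":"eve"},"user":"eve","user_role":"subscriber"}
{"event":"request","method":"POST","path":"/wp-admin/admin-ajax.php","params":{"action":"heartbeat"},"user":"bob","user_role":"subscriber"}
{"event":"request","method":"POST","path":"/wp-admin/admin-ajax.php","params":{"action":"save_users_map_name","usernames":"alice"},"user":"alice","user_role":"administrator"}
{"event":"role_change","user":"eve","old_role":"subscriber","new_role":"administrator","actor":"eve"}
{"event":"role_change","user":"carol","old_role":"subscriber","new_role":"editor","actor":"alice","actor_role":"administrator"}
{"event":"request","method":"GET","path":"/wp-login.php","user":"","user_role":""}
"""


def check_record(rec: Dict) -> List[str]:
    """Return alert strings for one record, or [] when it looks benign."""
    alerts = []
    if rec.get("event") == "request":
        params = rec.get("params", {})
        on_ajax = rec.get("path") == AJAX_ENDPOINT and rec.get("method") == "POST"
        low_priv = rec.get("user_role") not in PRIVILEGED_ROLES
        # Rule 1: the suspect admin-ajax action or parameter sent by a non-admin.
        if on_ajax and low_priv and (
            params.get("action") == SUSPECT_ACTION or SUSPECT_PARAM in params
        ):
            alerts.append(
                f"suspect admin-ajax action {params.get('action')!r} by "
                f"{rec.get('user')!r} (role {rec.get('user_role')!r})"
            )
    elif rec.get("event") == "role_change":
        # Rule 2: promotion to a privileged role that was not performed by an
        # administrator, including a user promoting themselves.
        actor_is_admin = rec.get("actor_role") in PRIVILEGED_ROLES
        self_promotion = rec.get("actor") == rec.get("user")
        if rec.get("new_role") in PRIVILEGED_ROLES and (
            self_promotion or not actor_is_admin
        ):
            alerts.append(
                f"role change {rec.get('old_role')!r} -> {rec.get('new_role')!r} "
                f"for {rec.get('user')!r} by {rec.get('actor')!r}"
            )
    return alerts


def scan(lines: Iterable[str]) -> List[str]:
    """Run both rules over JSON-lines input, skipping blank or unparsable lines."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        alerts.extend(check_record(rec))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG.splitlines()):
        print("ALERT:", a)
```

On the sample data this raises two alerts: the subscriber `eve` calling the suspect action, and the later self-promotion of `eve` to administrator. The administrator `alice` calling the same action and the administrator-performed promotion of `carol` to editor are left alone, which is the intended policy: the action itself is legitimate plugin functionality, and what makes it suspicious is who sends it.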
