Critical severity9.9NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2021-4360

Description

The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.

Affected products

Wpruby/Controlled Admin Access
cpe:2.3:a:wpruby:controlled_admin_access:*:*:*:*:*:wordpress:*:*
Range: <=1.5.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/nvdExploit
wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379cnvdExploit
www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04dnvdThird Party Advisory
plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txtnvdRelease Notes

News mentions

No linked articles in our index yet.

cvss	0.643
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000