# CVE-2023-1874 POC CVE-2023-1874 refers to a privilege escalation vulnerability in the WP Data Access plugin for WordPress, affecting versions up to 5.3.7. The issue arises from insufficient authorization checks on the multiple_roles_update function. This flaw allows authenticated users with low privileges, such as a subscriber, to modify their roles by sending a specially crafted request, which includes the 'wpda_role[]' parameter. However, for this exploit to work, the site must have the "Enable role management" setting turned on. The vulnerability could enable attackers to elevate their privileges on the site, posing a security risk. It was fixed in version 5.3.8 of the plugin # POC **Disclaimer**: This proof of concept is for educational purposes only. It demonstrates the privilege escalation vulnerability in the WP Data Access plugin for WordPress. Unauthorized use or exploitation of this vulnerability against systems you do not own or have explicit permission to test is illegal and unethical. Always conduct security testing responsibly and within the bounds of the law. # Let's start Here, we have our user 'Bob' logged in, on whom we will perform a privilege escalation to administrator.  As you can see, we are logged in as a low-level user named Bob. In the user settings, we need to update and intercept the request for further modification.  Click on 'Update' and intercept the request using Burp Suite. Below is the intercepted HTTP request, which we will modify to achieve privilege escalation. By carefully altering the parameters within this request, we can successfully escalate Bob's privileges to administrator.  Now let's add this line `&wpda_role[]=administrator` to the data being sent by our profile.php, as shown in the image below.  We have completed our task; now simply forward the request, and this will grant our user Bob administrative privileges.  Here we are! Thank you, and happy hacking! **Author of the POC**=`hacksparo` **This cve was assigned by** `Wordfence`