A Broken Access Control vulnerability has been identified in the WordPress Premmerce User Roles Plugin. This vulnerability allows an unprivileged user to perform actions that they are not authorized to do, such as changing the permissions of other users or deleting content.

The discovery of this vulnerability is attributed to Nguyen Xuan Chien.


The vulnerability has a CVSS 3.1 score of 8.1, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

The vulnerability affects WordPress websites that use the Premmerce User Roles Plugin prior to version 1.0.13.


An attacker who successfully exploits this vulnerability could:

  • Change the permissions of other users.
  • Delete content.
  • Install malicious plugins or themes.
  • Take control of the website.


To shield the website from potential vulnerabilities, users can also take the following action:

  • Immediate Update: Ensure that the Premmerce User Roles Plugin is updated to the latest available version, ideally version 1.0.13. This update contains critical fixes addressing the Broken Access Control vulnerability and bolstering overall plugin security.
  • Regular Security Audits: Regularly conduct comprehensive security audits on the WordPress website to proactively identify and rectify vulnerabilities. Consistent updates and patches are paramount for upholding a secure environment.
  • Stay Informed: Keep watch for official updates or advisories pertinent to the Premmerce User Roles Plugin. Timely updates and heightened awareness are essential components of maintaining a website’s security.