Exploit for Controlled Admin Access < 1.5.6 - Improper Access Control to Privilege Escalation

Name: Exploit for Controlled Admin Access < 1.5.6 - Improper Access Control to Privilege Escalation
Rating: 5 (53 reviews)

2021-03-30 | CVSS 2.0

## https://sploitus.com/exploit?id=WPEX-ID:5DDC0A9D-C081-4BEF-AA87-3B10D037379C
Created a temporary admin account via the plugin (/wp-admin/users.php?page=controlled_admin_access), with limited access, logon with it and open the below URLs which should not be accessible

- https://example.com/wp-admin/admin.php?page=%2Fcontrolled_admin_access