Exploit for Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation CVE-2021-24215

Name: Exploit for Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation CVE-2021-24215
Rating: 5 (83 reviews)

2021-03-23 | CVSS 10.0

## https://sploitus.com/exploit?id=WPEX-ID:EEC0F29F-A985-4285-8EED-D1855D204A20
Created a temporary admin account via the plugin (/wp-admin/users.php?page=controlled_admin_access), with limited access and open the below URLs which should not be accessible

### -- [ PoC #1 | Improper Access Control | Customize: ]

[!] https://example.com/wp-admin/customize.php


### -- [ PoC #2 | Improper Access Control | All Settings: ]

[!] https://example.com/wp-admin/options.php