While investigating a security advisory about an arbitrary role change/privilege escalation issue in the HM Multiple Roles WordPress plugin, the Jetpack Scan team discovered that the fix was incomplete and left the plugin still vulnerable.
in Security
Arbitrary Role Change/Privilege Escalation in HM Multiple Roles WordPress plugin (jetpack.com)
