User Role Editor Pro version 4.24.5 was published at April 2nd, 2016. It’s the security update to fix critical vulnerability. Versions affected (free and Pro) 4.24.4 and earlier. This exploit allowed to any registered user to raise his permissions up to administrator level.
It’s strongly recommended to update your copy of User Role Editor Pro to the latest version.
Core version: 4.25
- Important security update: Any registered user could get an administrator access. Thanks to John Muncaster for discovering and wisely reporting this vulnerability.
- URE pages title tag was replaced from h2 to h1, for compatibility with other WordPress pages.