WP User Frontend < 3.5.29 - Obscure Registration as Admin
CVE-2021-24649

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: WP User Frontend
Vendor: CVE Published:; 21 November 2022

Summary

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin

Affected Version(s)

WP User Frontend 0 < 3.5.29

References

https://wpscan.com/vulnerability/9486744e-ab24-44e4-b06e-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 21, 2022
Vulnerability Reserved
Jan 14, 2021

Credit

AyeCode Ltd