WP User Frontend < 3.5.29 - Obscure Registration as Admin
CVE-2021-24649

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: WP User Frontend
Vendor: CVE Published:; 21 November 2022

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-24649?

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin

Affected Version(s)

WP User Frontend 0 < 3.5.29

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-24649 - Proof of Concept

References

https://wpscan.com/vulnerability/9486744e-ab24-44e4-b06e-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 21, 2022
👾
Exploit known to exist
Nov 21, 2022
Vulnerability published
Nov 21, 2022
Vulnerability Reserved
Jan 14, 2021

Credit

AyeCode Ltd

Wordpress

Badges

What is CVE-2021-24649?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit