Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2021-24649
HistoryNov 21, 2022 - 11:15 a.m.

Design/Logic Flaw

2022-11-2111:15:00
PRIOn knowledge base
www.prio-n.com
4
wp user frontend
wordpress plugin
urhidden" parameter
registration form
encryption
auth_key
auth_salt
account role
admin account
security flaw

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin

CPENameOperatorVersion
wp_user_frontendlt3.5.29

Related

cve 1
wpvulndb 1
nvd 1
patchstack 1
wpexploit 1
cvelist 1
cnvd 1
cve
cve
CVE-2021-24649
2022-11-21 11:15:12
wpvulndb
wpvulndb
WP User Frontend < 3.5.29 - Obscure Registration as Admin
2022-10-31 00:00:00
nvd
nvd
CVE-2021-24649
2022-11-21 11:15:12
patchstack
patchstack
WordPress WP User Frontend plugin <= 3.5.28 - Obscure Registration as Admin vulnerability
2022-10-31 00:00:00
wpexploit
wpexploit
WP User Frontend < 3.5.29 - Obscure Registration as Admin
2022-10-31 00:00:00
cvelist
cvelist
CVE-2021-24649 WP User Frontend < 3.5.29 - Obscure Registration as Admin
2022-11-21 00:00:00
cnvd
cnvd
WordPress WP User Frontend authorization issue vulnerability
2022-11-23 00:00:00

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON
Related for PRION:CVE-2021-24649
cve1wpvulndb1nvd1patchstack1wpexploit1cvelist1cnvd1