2 matches found
CVE-2021-24649
The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via...
CVE-2021-24649
The CVE refers to the WP User Frontend WordPress plugin prior to version 3.5.29. A user-supplied argument in the registration form, urhidden, encodes the account role (encrypted via wpuf_encryption). If an attacker can access AUTH_KEY and AUTH_SALT (e.g., via arbitrary file access or default keys...