Lucene search

K
wpvulndbWpvulndbWPVDB-ID:22BBFAFF-80C4-4E23-88E0-8322679CE4CD
HistoryMay 31, 2024 - 12:00 a.m.

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.1 - Missing Authorization to Privilege Escalation

2024-05-3100:00:00
wpscan.com
1
wordpress
plugin
vulnerability
authorization
data modification
privilege escalation

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘import_form_action’ function in versions up to, and including, 3.2.0.1. This makes it possible for authenticated attackers, with contributor-level permissions and above, to import a registration form with a default user role of administrator. If an administrator approves or publishes a post or page with the shortcode to the imported form, any user can register as an administrator.

CPENameOperatorVersion
eq3.2.1

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

Related for WPVDB-ID:22BBFAFF-80C4-4E23-88E0-8322679CE4CD