CVE-2021-34621 – ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation

https://notcve.org/view.php?id=CVE-2021-34621

A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. . Una vulnerabilidad en el componente de registro de usuarios encontrada en el archivo ~/src/Classes/RegistrationAuth.php del plugin ProfilePress de WordPress hace posible para usuarios registrarse en los sitios como administradores. Este problema afecta a las versiones 3.0.0 - 3.1.3 WordPress ProfilePress plugin version 3.1.3 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/50242 https://github.com/navreet1425/CVE-2021-34621 https://github.com/RandomRobbieBF/CVE-2021-34621 https://github.com/K3ysTr0K3R/CVE-2021-34621-EXPLOIT http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-Privilege-Escalation.html https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin • CWE-269: Improper Privilege Management CWE-306: Missing Authentication for Critical Function •