// For flags

CVE-2024-0701

UserPro <= 5.1.6 - Disabled Membership Registration Bypass

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.

El complemento UserPro para WordPress es vulnerable a la omisión de funciones de seguridad en todas las versiones hasta la 5.1.6 incluida. Esto se debe al uso de restricciones del lado del cliente para aplicar la función de Membresía "Registro deshabilitado" dentro de la configuración general del complemento. Esto hace posible que atacantes no autenticados registren una cuenta incluso cuando un administrador haya desactivado el registro de la cuenta.

*Credits: Rob Stevens
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2024-01-18 CVE Reserved
  • 2024-02-01 CVE Published
  • 2024-02-14 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-602: Client-Side Enforcement of Server-Side Security
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Userproplugin
Search vendor "Userproplugin"
Userpro
Search vendor "Userproplugin" for product "Userpro"
<= 5.1.6
Search vendor "Userproplugin" for product "Userpro" and version " <= 5.1.6"
wordpress
Affected