CVE-2024-0701
UserPro <= 5.1.6 - Disabled Membership Registration Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.
El complemento UserPro para WordPress es vulnerable a la omisión de funciones de seguridad en todas las versiones hasta la 5.1.6 incluida. Esto se debe al uso de restricciones del lado del cliente para aplicar la función de Membresía "Registro deshabilitado" dentro de la configuración general del complemento. Esto hace posible que atacantes no autenticados registren una cuenta incluso cuando un administrador haya desactivado el registro de la cuenta.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-18 CVE Reserved
- 2024-02-01 CVE Published
- 2024-02-14 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-602: Client-Side Enforcement of Server-Side Security
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | 2024-02-13 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Userproplugin Search vendor "Userproplugin" | Userpro Search vendor "Userproplugin" for product "Userpro" | <= 5.1.6 Search vendor "Userproplugin" for product "Userpro" and version " <= 5.1.6" | wordpress |
Affected
|