CVE-2024-4958

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it possible for authenticated attackers, with contributor-level permissions and above, to import a registration form with a default user role of administrator. If an administrator approves or publishes a post or page with the shortcode to the imported form, any user can register as an administrator.

El complemento User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función 'import_form_action' en versiones hasta la 3.2.0.1 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, importen un formulario de registro con una función de usuario predeterminada de administrador. Si un administrador aprueba o publica una publicación o página con el código corto del formulario importado, cualquier usuario puede registrarse como administrador.

*Credits: Thanh Nam Tran

CVSS Scores

Wordfencev3.1 7.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-05-15 CVE Reserved
2024-05-31 CVE Published
2024-06-02 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-862: Missing Authorization

CAPEC

References (2)

URL	Tag	Source
https://plugins.trac.wordpress.org/changeset/3095484/user-registration/tags/3.2.1/includes/class-ur-ajax.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/710574a8-a6e2-4ee6-9ea7-03a34994fec7?source=cve

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wpeverest Search vendor "Wpeverest"		User Registration – Custom Registration Form, Login Form, And User Profile WordPress Plugin Search vendor "Wpeverest" for product "User Registration – Custom Registration Form, Login Form, And User Profile WordPress Plugin"				<= 3.2.0.1 Search vendor "Wpeverest" for product "User Registration – Custom Registration Form, Login Form, And User Profile WordPress Plugin" and version " <= 3.2.0.1"		en		Affected