CVE-2021-24649

Name of the Vulnerable Software and Affected Versions WP User Frontend WordPress plugin versions prior to 3.5.29

Description The issue allows an attacker to create an account with any role they want, such as admin, by exploiting a user-supplied argument called urhidden in the registration form. This argument contains the role for the account to be created with, encrypted via wpuf encryption(). An attacker having access to the AUTH KEY and AUTH SALT constant, either via an arbitrary file access issue or if the blog is using the default keys, can exploit this.

Recommendations For WP User Frontend WordPress plugin versions prior to 3.5.29, update to version 3.5.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the registration form or monitoring account creations closely to minimize the risk of exploitation.