PT-2024-20306 · WordPress · User Registration – Custom Registration Form
Stiofan (+1)
Published: 2024-05-02 · Updated: 2024-05-02
CVE-2024-2417
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5
Description
The issue is a missing capability check on the form_save_action() function, which allows authenticated attackers with subscriber-level access and above to update the registration form. This lets them set the default registration role to administrator and subsequently register an account as an administrator on the site.
Recommendations
For versions up to, and including, 3.1.5, update to a version that includes a fix for the missing capability check on the form_save_action() function.
As a temporary workaround, consider restricting access to the form_save_action() function to prevent unauthorized updates to the registration form.
Fix
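The bug class and its fix, as an added illustrative example that is not the plugin's own code: a hypothetical WordPress AJAX handler that saves a form's default registration role, first without a capability check (the pattern this advisory describes) and then hardened. All function, action and option names below are assumptions.

```php
<?php
// Added example, not the plugin's code. Hypothetical AJAX handler that
// stores the default role assigned to users who register through a form.

// Vulnerable pattern: wp_ajax_* actions fire for every logged-in user, so
// without a capability check any subscriber can reach this handler and
// change the default registration role.
function example_form_save_action_vulnerable() {
    $form_id = absint( $_POST['form_id'] ?? 0 );
    $role    = sanitize_key( $_POST['default_user_role'] ?? 'subscriber' );
    update_option( 'example_form_' . $form_id . '_default_role', $role );
    wp_send_json_success();
}
// add_action( 'wp_ajax_example_form_save', 'example_form_save_action_vulnerable' );

// Hardened version: require a valid nonce (CSRF protection) and an
// administrator-only capability before touching form settings, and refuse
// to make a privileged role the default even for administrators.
function example_form_save_action_fixed() {
    // Nonce name and request field are assumptions for this example.
    check_ajax_referer( 'example_form_save', 'security' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $form_id = absint( $_POST['form_id'] ?? 0 );
    $role    = sanitize_key( $_POST['default_user_role'] ?? 'subscriber' );

    // Policy assumption: only low-privilege roles may be the default for
    // self-registration, so a stolen admin session cannot open the door either.
    $allowed_defaults = array( 'subscriber', 'contributor' );
    if ( ! in_array( $role, $allowed_defaults, true ) ) {
        wp_send_json_error( array( 'message' => 'Role not allowed as default.' ), 400 );
    }

    update_option( 'example_form_' . $form_id . '_default_role', $role );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_form_save', 'example_form_save_action_fixed' );
```

The capability check is what the advisory's fix adds; the nonce check and the allowlist of default roles are additional defence in depth.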
Weakness Enumeration
Missing Authorization
Related Identifiers
Affected Products
User Registration – Custom Registration Form