Vulnerability Details : CVE-2021-24649
The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin
Vulnerability category: BypassGain privilege
Products affected by CVE-2021-24649
- cpe:2.3:a:wedevs:wp_user_frontend:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-24649
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-24649
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2021-24649
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: contact@wpscan.com (Primary)
References for CVE-2021-24649
-
https://wpscan.com/vulnerability/9486744e-ab24-44e4-b06e-9e0b4be132e2
Just a moment...Exploit;Third Party Advisory
Jump to