WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss, CVE-2021-24649

CVE, Research URL: CVE-2021-24649
Home page URL: Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss
Application: WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss
Published on: Nov 21, 2022
Research Description: The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin
Affected versions: max 3.6.9.
Status: vulnerable

WP User Frontend &#8211; Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss, CVE-2021-24649