An advisory has revealed a critical vulnerability in the User Registration & Membership plugin for WordPress, installed on more than 60,000 websites. The vulnerability is rated 9.8/10. It allows unauthenticated attackers to create administrator-level accounts.
User Registration & Membership WordPress Plugin
The plugin is used to build membership websites. It allows site owners to create custom registration forms, assign user roles, restrict content behind subscription plans, and accept payments for access.
Unauthenticated Privilege Escalation
The issue affects all versions up to and including 5.1.2.
The vulnerability is due to improper privilege management during membership registration. The plugin accepts a user-supplied role when someone registers but does not properly enforce a server-side allowlist of permitted roles.
A server-side allowlist is a security control that limits which user roles can be assigned during registration. Without that restriction, the system processes whatever role value is submitted.
Because this check is missing, an attacker can supply administrator as the role during registration.
What Attackers Can Do
This makes it possible for unauthenticated attackers to create administrator accounts.
An administrator account has full control over a WordPress website. With administrator access, an attacker can:
- Install or delete plugins
- Modify themes
- Add malicious code
- Create or delete user accounts
- Access site data
Creating an administrator account effectively gives an attacker control of the site.
According to the Wordfence advisory:
“The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.”
Affected and Patched Versions
The vulnerability affects all versions up to and including 5.1.2.
It has been patched in version 5.1.3.
The fix restricts which roles can be assigned during membership registration, preventing users from submitting elevated roles such as administrator.
What Site Owners Should Do
Users of the User Registration & Membership plugin should update to version 5.1.3 or newer. Because the vulnerability does not require authentication, sites that remain on vulnerable versions are exposed to administrator account creation by attackers. Updating the plugin removes the ability for users to assign privileged roles during registration.
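The missing check described above and the shape of the fix, as an added illustration in PHP. This is not the plugin's own code: the function names, the request array and the custom role 'member' are hypothetical, and the allowlist constants stand in for whatever the patched plugin enforces.

```php
<?php
// Added illustration, not the plugin's code: two ways a membership
// registration handler can turn a submitted "role" field into the role
// that is actually assigned. Names and the custom role 'member' are hypothetical.

// Server-side allowlist: the only roles a self-service signup may hand out.
// 'administrator', 'editor' and other privileged roles are deliberately absent.
const REGISTRATION_ALLOWED_ROLES = ['subscriber', 'member'];
const DEFAULT_REGISTRATION_ROLE  = 'subscriber';

// Vulnerable pattern: whatever role the request carries is used as-is, so a
// registration request carrying role=administrator yields an administrator.
function resolve_role_vulnerable(array $request): string
{
    return isset($request['role']) && $request['role'] !== ''
        ? (string) $request['role']
        : DEFAULT_REGISTRATION_ROLE;
}

// Hardened pattern: the submitted value is normalised, then accepted only if
// it appears in the allowlist; anything else falls back to the default role.
function resolve_role_hardened(array $request): string
{
    $requested = isset($request['role'])
        ? strtolower(trim((string) $request['role']))
        : '';
    if ($requested !== '' && in_array($requested, REGISTRATION_ALLOWED_ROLES, true)) {
        return $requested;
    }
    return DEFAULT_REGISTRATION_ROLE;
}

// Constructed request, as an unauthenticated client could submit it.
$request = [
    'user_login' => 'newmember',
    'user_email' => 'new@example.com',
    'role'       => 'administrator',
];

echo 'vulnerable resolver assigns: ', resolve_role_vulnerable($request), PHP_EOL;
echo 'hardened resolver assigns:   ', resolve_role_hardened($request), PHP_EOL;

// In a WordPress plugin the resolved role is what ends up in the 'role' key
// passed to wp_insert_user(); only the hardened resolver makes that call safe.
```

The allowlist must live on the server: hiding privileged options from the form's dropdown does nothing, since the attacker sends the POST body directly.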