Description

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset passwords of random users if account id's are known. WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction version 2.0.13 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.14 or latest

References

http://security.szurek.pl/pie-register-2013-privilege-escalation.html

http://www.exploit-db.com/exploits/35823/

http://secunia.com/advisories/62351/

Related Vulnerabilities

Oracle JRE CVE-2018-2599 Vulnerability (CVE-2018-2599)

PHP Improper Input Validation Vulnerability (CVE-2010-1129)

WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7863)

WordPress Plugin SAM Pro (Free Edition) Local File Inclusion (1.9.6.67)

Severity

High

Classification

CVE-2014-8802 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass