CVE-2024-0701

Sažetak

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.

Reference

https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

13-02-2024 - 17:03

Objavljeno

05-02-2024 - 22:16