Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin

On March 9th, 2024, during the second Wordfence Bug Bounty Extravaganza, a submission was received for a Privilege Escalation vulnerability in User Registration, a WordPress plugin with more than 60,000 active installations. This vulnerability makes it possible for an authenticated attacker to grant themselves administrative privileges by updating the default user role.
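To make the bug class concrete, here is an added illustration that is not the User Registration plugin's code (the page gives no detail of the plugin's actual code path): a hypothetical WordPress AJAX handler that stores a registration form's default role, first in the unsafe shape that lets any logged-in user set it to `administrator`, then hardened with a nonce check, a capability check, and a role whitelist that excludes roles able to edit users. The `ur_demo_*` function names and the option key are invented for the example.

```php
<?php
// Added illustration, not the plugin's own code. Names (ur_demo_*) and the
// option key 'ur_demo_default_role' are hypothetical.

// --- Unsafe pattern ---------------------------------------------------
// Every wp_ajax_* action is reachable by any authenticated user. Nothing
// here checks a nonce, a capability, or the role value itself, so a
// subscriber can POST default_role=administrator and every subsequent
// registration (including a fresh account of their own) becomes an admin.
function ur_demo_save_default_role_unsafe() {
    $role = isset( $_POST['default_role'] )
        ? sanitize_text_field( wp_unslash( $_POST['default_role'] ) )
        : '';
    update_option( 'ur_demo_default_role', $role ); // 'administrator' stored as-is
    wp_send_json_success();
}
add_action( 'wp_ajax_ur_demo_save_default_role_unsafe', 'ur_demo_save_default_role_unsafe' );

// --- Hardened pattern -------------------------------------------------
function ur_demo_save_default_role() {
    // 1. CSRF: the request must carry a nonce issued for this action.
    check_ajax_referer( 'ur_demo_settings', 'nonce' );

    // 2. Authorization: only users allowed to manage site options may
    //    change who new registrants become. This check alone closes the
    //    privilege escalation.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $role = isset( $_POST['default_role'] )
        ? sanitize_key( wp_unslash( $_POST['default_role'] ) )
        : '';

    // 3. Value restriction (defense in depth): the role must exist and must
    //    not be able to edit users, so self-registration can never yield an
    //    administrator even if an admin mis-configures the form.
    if ( ! ur_demo_is_safe_registrant_role( $role ) ) {
        wp_send_json_error( 'invalid role', 400 );
    }

    update_option( 'ur_demo_default_role', $role );
    wp_send_json_success( array( 'default_role' => $role ) );
}
add_action( 'wp_ajax_ur_demo_save_default_role', 'ur_demo_save_default_role' );

// A role is acceptable for self-registration only if it is registered with
// WordPress and lacks the edit_users capability.
function ur_demo_is_safe_registrant_role( $role ) {
    $roles = wp_roles()->roles;
    if ( ! isset( $roles[ $role ] ) ) {
        return false;
    }
    return empty( $roles[ $role ]['capabilities']['edit_users'] );
}

// Registration side: re-validate at use time as well, in case the option
// was written through some other path.
function ur_demo_role_for_new_user() {
    $role = get_option( 'ur_demo_default_role', 'subscriber' );
    return ur_demo_is_safe_registrant_role( $role ) ? $role : 'subscriber';
}
```

The capability check is the fix for this class of issue; the nonce check addresses CSRF separately, and the role whitelist limits damage if the setting is ever written by an unexpected path. The same three questions (who may call this, is the request genuinely user-initiated, and is the submitted value in the allowed set) are the ones to ask of any settings-update handler a plugin exposes over `admin-ajax.php` or the REST API.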

Props to Stiofan who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $2,063.00 for this discovery during our Bug Bounty Program Extravaganza.

All Wordfence users are protected against exploits targeting this vulnerability by the Wordfence firewall.

Wordfence tried to contact WPEverest on March 13, 2024 through their contact form but did not receive a response. On April 9, 2024, Wordfence reached out directly to an email address it had from a previous disclosure and received a response the same day. Full disclosure details were then sent on April 10, 2024, and the developer released a patch on April 15, 2024. We would like to commend WPEverest for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of User Registration, which is version 3.2.0, as soon as possible.

Source and more details: https://www.wordfence.com/blog/2024/04/2063-bounty-awarded-for-privilege-escalation-vulnerability-patched-in-user-registration-wordpress-plugin

Posted in Vulnerability.