The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 15 Oct 2024 14:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Wpuserplus
                                      Wpuserplus userplus
Weaknesses                            NVD-CWE-noinfo
CPEs                                  cpe:2.3:a:wpuserplus:userplus:*:*:*:*:*:wordpress:*:*
Vendors & Products                    Wpuserplus
                                      Wpuserplus userplus

Fri, 11 Oct 2024 21:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Userplus
                                      Userplus user Registration And User Profile
CPEs                                  cpe:2.3:a:userplus:user_registration_and_user_profile:*:*:*:*:*:*:*:*
Vendors & Products                    Userplus
                                      Userplus user Registration And User Profile
Metrics                               ssvc (version 2.0.3): Automatable: no; Exploitation: none; Technical Impact: total


Thu, 10 Oct 2024 02:15:00 +0000

Type                 Values Removed   Values Added
Description                           The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation.
Title                                 UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation
Weaknesses                            CWE-266
References
Metrics                               cvssV3_1: score 7.2, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2024-10-10T17:58:23.884Z

Reserved: 2024-10-04T12:11:37.877Z

Link: CVE-2024-9519

Vulnrichment

Updated: 2024-10-10T17:58:19.057Z

NVD

Status: Analyzed

Published: 2024-10-10T02:15:05.787

Modified: 2024-10-15T14:26:26.417

Link: CVE-2024-9519

Redhat

No data.

OpenCVE Enrichment

No data.