WordPress Plugin Vulnerabilities

ProfilePress < 4.13.2 - Limited Privilege Escalation via 'acceptable_defined_roles'

Description

The ProfilePress plugin for WordPress is vulnerable to limited privilege escalation in versions up to, and including, 4.13.1 via the 'acceptable_defined_roles' function due to incomplete validation on a user controlled key. This can allow unauthenticated attackers to elevate their privileges to a non-administrator role during user-registration.

Affects Plugins

Plugin icon
wp-user-avatar
Fixed in 4.13.2

References

CVE
CVE-2023-41954
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5b2840ee-3b48-415e-9bed-d34d0b6e36d7

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
130d8d50-5b6d-4325-a008-dd44a7769395

Timeline

Publicly Published
2023-09-09 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2023-11-24 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
WordPress XML-RPC Interface Access Restriction Bypass
Published
2015-03-24
Title
Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure
Published
2016-05-26
Title
Jetpack 2.0-4.0.2 - Shortcode Stored Cross-Site Scripting (XSS)
Published
2018-01-27
Title
Enfold Theme < 4.2.1 - Rewrite Portfolio Permalink Structure & Information Disclosure
Published
2024-10-14
Title
Adding drop down roles in registration <= 1.1 - Unauthenticated Privilege Escalation