WP User Frontend < 3.6.6 – Authenticated (Author+) Privilege Escalation | CVE 2023-47682 | Plugin Vulnerabilities

Description

The WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.6.5. This is due to the plugin not providing sufficient controls on the ability to supply a role on the registration form shortcode rendered via the registration_form function. This makes it possible for authenticated attackers, with author-level access and above, to add a registration form to a page with the role set to administrator and then subsequently use the form to register as an administrator.

Affects Plugins

wp-user-frontend

Fixed in 3.6.6

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/31de3c9b-068d-47d8-9811-feae07f2e9d0

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

a3984fb8-2fe5-42bb-a280-ce1f5df7819d

Timeline

Publicly Published

2023-11-09 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-01-22 (about 2 years ago)

Other

Published

Title

Published

2026-02-07

Title

JAY Login & Register < 2.6.04 - Unauthenticated Privilege Escalation via jay_login_register_ajax_create_final_user

Published

2026-02-13

Title

Truelysell Core < 1.8.8 - Unauthenticated Privilege Escalation via Registration

Published

2024-12-18

Title

Simple Dashboard <= 2.0 - Unauthenticated Privilege Escalation

Published

2025-05-20

Title

Spreadsheet Price Changer for WooCommerce and WP E-commerce <= 2.4.37 - Unauthenticated Privilege Escalation

Published

2025-04-23

Title

Frontend Login and Registration Blocks < 1.0.9 - Subscriber+ Privilege Escalation via Password Reset