Vulnerability Description
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Properfraction | Profilepress | >= 3.0.0, <= 3.1.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-PrivileExploitThird Party AdvisoryVDB Entry
- https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilitiExploitThird Party Advisory
- http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-PrivileExploitThird Party AdvisoryVDB Entry
- https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilitiExploitThird Party Advisory
FAQ
What is CVE-2021-34621?
CVE-2021-34621 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an admin...
How severe is CVE-2021-34621?
CVE-2021-34621 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-34621?
Check the references section above for vendor advisories and patch information. Affected products include: Properfraction Profilepress.