virusword.com

A nasty WordPress plugin bug could allow an attacker to register as a site administrator

Security researchers have discovered a critical but easily exploitable vulnerability in a popular WordPress plugin that can be exploited to upload arbitrary files to affected websites.

In their breakdown, researchers at Wordfence, which develops security solutions to protect WordPress installations, note that the affected plugin is installed on over 400,000 websites.

The ProfilePress plugin, formerly known as WP User Avatar, allows administrators to design user profile pages and create front-end forms for user registration. It also helps protect sensitive content and control user access.

Wordfence states that an attacker could exploit the vulnerability to register as a site administrator even if the actual administrator has disabled user registration.

Improper implementation

According to Wordfence, the ProfilePress plugin started out as a way to upload a user's profile picture, but was recently transformed into its current form, with new user login and registration capabilities.

Unfortunately, however, the new features were not properly coded and introduced a vulnerability.

For example, the plugin did not prevent users from supplying arbitrary metadata during the registration process. Wordfence was able to exploit this to escalate user privileges to administrator privileges.

The same was possible through the profile update feature. However, because there was no check to verify that the site had user registration enabled, an attacker did not have to compromise an existing account and was able to hijack the website without hassle.
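The two missing checks described above, sketched as a hardened front-end registration handler. This is an added example, not ProfilePress code or the vendor's patch; the function name, form field names and the allowlist are assumptions, while the WordPress functions called are core APIs. The same allowlist would apply to a profile update handler.

```php
<?php
// Added example: hypothetical registration handler for a WordPress plugin.
// example_handle_registration(), the 'username'/'email'/'meta' field names
// and the allowlist below are assumptions made for illustration.

// Profile fields a visitor may set on their own account. Everything else is
// dropped, because WordPress also stores roles and capabilities in user meta.
const EXAMPLE_ALLOWED_META = array( 'first_name', 'last_name', 'description' );

function example_handle_registration( array $post ) {
    // Check 1: honour the site-wide "Anyone can register" setting.
    if ( ! get_option( 'users_can_register' ) ) {
        return new WP_Error( 'registration_disabled', 'User registration is disabled.' );
    }

    $post = wp_unslash( $post );

    // register_new_user() validates the login and e-mail and assigns the
    // site's default role; nothing in the request can choose a role.
    $user_id = register_new_user(
        sanitize_user( $post['username'] ?? '', true ),
        sanitize_email( $post['email'] ?? '' )
    );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }

    // Check 2: copy only allowlisted meta keys from the submitted form.
    // Iterating over the allowlist (not over the request) means unknown
    // keys are never written, whatever the client sends.
    $submitted = ( isset( $post['meta'] ) && is_array( $post['meta'] ) ) ? $post['meta'] : array();
    foreach ( EXAMPLE_ALLOWED_META as $key ) {
        if ( isset( $submitted[ $key ] ) && is_string( $submitted[ $key ] ) ) {
            update_user_meta( $user_id, $key, sanitize_text_field( $submitted[ $key ] ) );
        }
    }

    return $user_id;
}
```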

Wordfence reported these vulnerabilities to ProfilePress around the end of May. The company responded quickly and fixed the bug with a patch (v3.1.4) within a few days.

To prevent attacks, users running vulnerable versions (3.0-3.1.3) are advised to update immediately.

Written by:
Abdul Wahid
Published on:
June 29, 2021

Categories: Plugins
