CVE-2024-0701 in UserPro Pluginالمعلومات

الملخص

بحسب MITRE • 06/02/2024

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

مسؤول

Wordfence

حجز

18/01/2024

إفشاء

06/02/2024

الاعتدال

تمت الموافقة

إدخال

VDB-252671

EPSS

0.00580

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Want to know what is going to be exploited?

We predict KEV entries!