# CVE-2021-34621 - WordPress Privilege Escalation

A critical vulnerability has been identified in the user registration component of the ProfilePress WordPress plugin. This security flaw, assigned CVE-2021-34621, allows unauthorized users to register on websites with administrator privileges, potentially leading to a complete compromise of the site's security.

# Vulnerable Component

The vulnerability is located in the RegistrationAuth.php file, which is part of the ProfilePress plugin. This component is responsible for handling user registration.

# Affected Versions

The security issue impacts ProfilePress plugin versions 3.0.0 through 3.1.3. Websites using any of these versions are at risk of exploitation.

# Impact

Exploiting this vulnerability enables malicious actors to register on WordPress sites with elevated privileges, granting them unauthorized access to administrative functions and sensitive data. This could lead to full control over the compromised website, unauthorized content manipulation, and potential data breaches.

# Mitigation

Website administrators are strongly advised to take the following actions:

    Immediate Update: Upgrade the ProfilePress plugin to a version beyond 3.1.3, as this vulnerability has been patched in later releases.
    Security Audit: Perform a thorough security audit to identify any signs of unauthorized access or suspicious activities on the affected website.
    User Review: Review the registered user list for any unauthorized or suspicious accounts and revoke their privileges.
    Monitoring: Implement continuous monitoring and intrusion detection mechanisms to promptly detect and respond to any unauthorized actions.

# Disclaimer

This PoC is provided for educational purposes only!