CVE-2024-8246

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3149760/buddyforms/trunk/includes/admin/form-builder/meta-boxes/metabox-registration.php	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/40760f60-b81a-447b-a2c8-83c7666ce410?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:themekraft:buddyforms:*:*:*:*:*:wordpress:*:*

History

26 Sep 2024, 14:00

Type	Values Removed	Values Added
First Time		Themekraft Themekraft buddyforms
CPE		cpe:2.3:a:themekraft:buddyforms::::::wordpress::*
CWE		NVD-CWE-noinfo
References	~~() https://plugins.trac.wordpress.org/changeset/3149760/buddyforms/trunk/includes/admin/form-builder/meta-boxes/metabox-registration.php -~~	() https://plugins.trac.wordpress.org/changeset/3149760/buddyforms/trunk/includes/admin/form-builder/meta-boxes/metabox-registration.php - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/40760f60-b81a-447b-a2c8-83c7666ce410?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/40760f60-b81a-447b-a2c8-83c7666ce410?source=cve - Third Party Advisory

14 Sep 2024, 11:47

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-14 04:15

Updated : 2024-09-26 14:00

NVD link : CVE-2024-8246

Mitre link : CVE-2024-8246

CVE.ORG link : CVE-2024-8246

JSON object : View

Products Affected

themekraft

buddyforms

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

{"id": "CVE-2024-8246", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-09-14T04:15:04.493", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3149760/buddyforms/trunk/includes/admin/form-builder/meta-boxes/metabox-registration.php", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40760f60-b81a-447b-a2c8-83c7666ce410?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators."}, {"lang": "es", "value": "El complemento Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 2.8.11 incluida. Esto se debe a que el complemento no restringe adecuadamente el acceso de los usuarios para establecer el rol predeterminado en los formularios de registro. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, creen un formulario de registro con un rol personalizado que les permite registrarse como administradores."}], "lastModified": "2024-09-26T14:00:09.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:themekraft:buddyforms:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "22A6A548-27A8-4C72-A9B8-BE7667959E85", "versionEndExcluding": "2.8.12"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}