CVE-2025-13542
The DesignThemes LMS plugin for WordPress
Executive summary
A critical vulnerability exists in the DesignThemes LMS plugin for WordPress that allows any unauthenticated user to register a new account with full administrator privileges. This flaw provides attackers with complete control over an affected website, enabling them to steal data, deface the site, or install malicious software. Immediate patching is required to prevent a full system compromise.
Vulnerability
The vulnerability is a privilege escalation flaw within the plugin's user registration functionality. The dtlms_register_user_front_end function, which handles new user creation, fails to validate or restrict the user role that can be assigned during registration. An unauthenticated attacker can exploit this by submitting a crafted registration request that includes a parameter specifying the 'administrator' role. Because the backend does not sanitize this input, the system processes the request and creates a new user with the highest possible level of administrative access.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation grants an attacker complete administrative control over the WordPress site. The potential business impact is severe and includes, but is not limited to, theft of sensitive user data and intellectual property, website defacement leading to reputational damage, injection of malware that targets site visitors, and use of the compromised server for further malicious activity such as hosting phishing campaigns or participating in botnets. Because exploitation requires no authentication and little skill, the risk to any organization running the affected plugin is significantly elevated.
Remediation
Immediate Action: Update the DesignThemes LMS plugin for WordPress to the latest version (greater than 1.0.4), in which this vulnerability has been patched. After updating, conduct a thorough audit of all user accounts, especially those with administrator privileges, to identify and remove any unauthorized accounts created by attackers.
Proactive Monitoring: Monitor web server access logs for suspicious POST requests to user registration pages, specifically looking for requests that contain parameters such as role=administrator. Implement file integrity monitoring to detect unauthorized changes to core WordPress files or plugin files. Regularly review WordPress security logs for unusual user creation or privilege modification events.
Compensating Controls: If immediate patching is not feasible, consider disabling user registration through the DesignThemes LMS plugin as a temporary measure. Alternatively, implement a Web Application Firewall (WAF) rule to inspect and block any registration requests that attempt to specify a user role, particularly 'administrator'.
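The monitoring and WAF guidance above can be turned into a concrete check. The following script is an added example and is not part of this advisory or the plugin: it scans web server access log lines (Apache/nginx combined format) for POST requests to a registration endpoint that carry a role parameter, and the same classifier can be fed parsed POST bodies from a WAF or audit log, since standard access logs record only the query string. The endpoint markers, parameter names and sample log lines are constructed assumptions and should be adjusted to the site being monitored.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" format: ip ident user [ts] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Assumed markers of the plugin's registration endpoint; adjust to your site.
REGISTRATION_MARKERS = ("register", "dtlms")
PRIVILEGED_ROLES = {"administrator", "editor"}
ROLE_KEYS = {"role", "user_role"}  # assumed parameter names to watch

def role_parameters(params):
    """Values of any role-like parameter in a parse_qs-style dict (lowercased)."""
    return [v.lower() for k, vs in params.items() if k.lower() in ROLE_KEYS for v in vs]

def classify_request(method, target, body_params=None):
    """Return a reason string if a registration POST tries to set a role, else None."""
    if method != "POST":
        return None
    parts = urlsplit(target)
    if not any(m in (parts.path + "?" + parts.query).lower() for m in REGISTRATION_MARKERS):
        return None
    params = parse_qs(parts.query)
    # Access logs lack POST bodies; merge body params captured by a WAF/audit log if available.
    for k, vs in (body_params or {}).items():
        params.setdefault(k, []).extend(vs)
    roles = role_parameters(params)
    if any(r in PRIVILEGED_ROLES for r in roles):
        return "privileged role requested: " + ",".join(roles)
    if roles:
        return "role parameter present: " + ",".join(roles)
    return None

def scan_access_log(lines):
    """Return (ip, timestamp, target, reason) tuples for suspicious registration POSTs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (reason := classify_request(m["method"], m["target"])):
            hits.append((m["ip"], m["ts"], m["target"], reason))
    return hits

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.7 - - [10/Jan/2025:12:00:01 +0000] "POST /lms-register/?role=administrator HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Jan/2025:12:00:05 +0000] "GET /courses/ HTTP/1.1" 200 9012',
    '203.0.113.7 - - [10/Jan/2025:12:00:09 +0000] "POST /lms-register/ HTTP/1.1" 302 0',
]
```

Calling scan_access_log(SAMPLE_LOG) flags only the first line; the third POST is not flagged because its body is not visible in the access log, which is why body parameters from a WAF should be passed to classify_request where possible.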
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the critical CVSS score of 9.8 and the ability of an unauthenticated attacker to achieve a full site compromise, this vulnerability poses a severe and immediate threat. We strongly recommend that all organizations using the affected plugin apply the security update on an emergency basis. A post-patch audit for indicators of compromise, such as unauthorized administrator accounts or suspicious files, is essential to confirm that the site was not already compromised before the update was applied.