CVE-2025-13559

The EduKart Pro plugin for WordPress

A critical vulnerability has been identified in the EduKart Pro plugin for WordPress, which allows any unauthenticated user to register a new account with full administrator privileges.

Executive summary

CVE-2025-13559 is a critical vulnerability in the EduKart Pro plugin for WordPress that allows any unauthenticated user to register a new account with full administrator privileges. Successful exploitation would result in a complete compromise of the affected website, granting the attacker total control over its content, user data, and underlying server functions. Due to the ease of exploitation and the high level of access granted, this vulnerability poses a severe and immediate risk to any organization using the affected plugin.

Vulnerability

The vulnerability exists within the user registration function, edukart_pro_register_user_front_end. This function fails to validate or restrict the user role that can be assigned during the registration process. An unauthenticated attacker can submit a standard registration request and include a parameter specifying the desired user role as 'administrator'. The plugin processes this request without checking the supplied role against the roles a self-registered user is permitted to hold, and creates a new user account with the highest level of administrative privileges on the WordPress site.
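The bug class described above, shown as an added illustrative example rather than the EduKart Pro plugin's actual code: a front-end registration handler that passes a client-supplied role to wp_insert_user(), beside a hardened version that never reads the role from the request, checks a nonce, and confines the role to an allow-list. The form field names, the nonce action 'edukart_register' and the allow-list contents are assumptions; only the WordPress core functions are real.

```php
<?php
// Added illustrative example; not the EduKart Pro plugin's own code.
// Field names, the nonce action and the allow-list are assumptions.

// INSECURE PATTERN: the role is taken from the request and handed straight
// to wp_insert_user(), so a visitor can ask for 'administrator'.
function insecure_register_user_front_end() {
    $userdata = array(
        'user_login' => sanitize_user( wp_unslash( $_POST['username'] ?? '' ) ),
        'user_email' => sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ),
        'user_pass'  => (string) wp_unslash( $_POST['password'] ?? '' ),
        'role'       => sanitize_key( wp_unslash( $_POST['role'] ?? 'subscriber' ) ), // client-controlled
    );
    return wp_insert_user( $userdata );
}

// HARDENED PATTERN: the role is decided server-side. The request is
// nonce-checked, registration must be enabled, and even the site's
// configured default role is checked against an allow-list of roles a
// self-registering visitor may ever receive.
function hardened_register_user_front_end() {
    $nonce = isset( $_POST['_wpnonce'] ) ? wp_unslash( $_POST['_wpnonce'] ) : '';
    if ( ! wp_verify_nonce( $nonce, 'edukart_register' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid registration request.' );
    }
    if ( ! get_option( 'users_can_register' ) ) {
        return new WP_Error( 'registration_closed', 'Registration is disabled.' );
    }

    // Assumed allow-list; extend with the site's own low-privilege roles.
    $allowed_self_roles = array( 'subscriber' );
    $role = get_option( 'default_role', 'subscriber' );
    if ( ! in_array( $role, $allowed_self_roles, true ) ) {
        $role = 'subscriber'; // never let a misconfigured default grant privilege
    }

    $userdata = array(
        'user_login' => sanitize_user( wp_unslash( $_POST['username'] ?? '' ), true ),
        'user_email' => sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ),
        'user_pass'  => (string) wp_unslash( $_POST['password'] ?? '' ),
        'role'       => $role, // $_POST['role'] is deliberately ignored
    );
    if ( '' === $userdata['user_login'] || ! is_email( $userdata['user_email'] ) || '' === $userdata['user_pass'] ) {
        return new WP_Error( 'invalid_input', 'Username, email and password are required.' );
    }
    return wp_insert_user( $userdata );
}
```

The key design point is that the hardened handler has no code path in which request data influences the role: omitting the 'role' key entirely would also make wp_insert_user() fall back to the site's default_role option, but the explicit allow-list check protects a site whose default role has been misconfigured to something privileged.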

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit leads to a complete compromise of the confidentiality, integrity, and availability of the affected WordPress site. An attacker with administrator access can steal sensitive user data, install malicious software (malware, backdoors), deface the website, redirect traffic to malicious sites, and potentially use the compromised server to launch further attacks. The business risks include significant data breaches, financial loss, severe reputational damage, and the cost associated with incident response and system recovery.

Remediation

Immediate Action: Immediately update the EduKart Pro plugin to the latest version available (newer than 1.0.3), which contains the patch for this vulnerability. After updating, review all existing user accounts, particularly those with administrator privileges, to identify and remove any unauthorized accounts created by attackers.

Proactive Monitoring: Review web server and application access logs for suspicious registration attempts. Specifically, search for POST requests to the user registration endpoint that contain the parameter role=administrator or other high-privilege roles. Monitor the WordPress user list for any unexpected additions or privilege escalations.
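A small triage script for the log review described above, added here as an example and not part of the advisory or the plugin. One caveat a practitioner will hit immediately: a standard web server access log records the request line but not the POST body, so the role parameter is normally only visible in WAF logs, reverse-proxy logs with body capture, or application-level logging. The script therefore reads a constructed JSON-lines format in which the decoded request body is present; the record layout, the registration path '/register/' and the sample entries are all assumptions.

```php
<?php
// Added example (not from the advisory or the plugin): flag registration
// requests that carry a privileged role. Input format is a constructed
// JSON-lines record with the request body available (as a WAF or
// body-logging proxy would produce); the paths below are assumptions.

const REGISTRATION_PATHS = array( '/register/', '/wp-admin/admin-ajax.php' );
// Roles that should never be requested by a self-registering visitor.
const PRIVILEGED_ROLES   = array( 'administrator', 'editor' );

function parse_params( string $raw ): array {
    $params = array();
    parse_str( $raw, $params ); // handles percent-decoding of values
    return $params;
}

// Returns the privileged role a record requests, or null if it is benign.
function requested_privileged_role( array $entry ): ?string {
    if ( 'POST' !== strtoupper( $entry['method'] ?? '' ) ) {
        return null;
    }
    $uri  = (string) ( $entry['uri'] ?? '' );
    $path = parse_url( $uri, PHP_URL_PATH ) ?? '';
    if ( ! in_array( $path, REGISTRATION_PATHS, true ) ) {
        return null;
    }
    // The role may be sent in the body or the query string; check both.
    $params = parse_params( (string) ( $entry['body'] ?? '' ) )
            + parse_params( parse_url( $uri, PHP_URL_QUERY ) ?? '' );
    $role = strtolower( trim( (string) ( $params['role'] ?? '' ) ) );
    return in_array( $role, PRIVILEGED_ROLES, true ) ? $role : null;
}

function scan( iterable $lines ): array {
    $hits = array();
    foreach ( $lines as $line ) {
        $entry = json_decode( $line, true );
        if ( ! is_array( $entry ) ) {
            continue; // skip malformed records rather than abort the review
        }
        $role = requested_privileged_role( $entry );
        if ( null !== $role ) {
            $hits[] = array(
                'ts'   => $entry['ts'] ?? '?',
                'ip'   => $entry['ip'] ?? '?',
                'role' => $role,
                'uri'  => $entry['uri'] ?? '?',
            );
        }
    }
    return $hits;
}

// Constructed sample records; not real traffic.
$sample = array(
    '{"ts":"2025-11-20T10:01:02Z","ip":"203.0.113.5","method":"POST","uri":"/register/","body":"username=alice&email=alice%40example.com&password=x&role=subscriber"}',
    '{"ts":"2025-11-20T10:01:09Z","ip":"198.51.100.7","method":"POST","uri":"/register/","body":"username=ops&email=ops%40example.com&password=x&role=administrator"}',
    '{"ts":"2025-11-20T10:02:00Z","ip":"198.51.100.7","method":"POST","uri":"/wp-admin/admin-ajax.php?role=Editor","body":"action=register&username=ops2"}',
    '{"ts":"2025-11-20T10:03:00Z","ip":"192.0.2.9","method":"GET","uri":"/register/?role=administrator","body":""}',
);

// Expected: the second and third records are reported, the others are not.
foreach ( scan( $sample ) as $hit ) {
    printf( "%s %s requested role '%s' via %s\n", $hit['ts'], $hit['ip'], $hit['role'], $hit['uri'] );
}
```

To run it over a real file, replace $sample with `new SplFileObject('/path/to/requests.jsonl')`, which is iterable line by line. Any IP that appears in the output should then be cross-checked against the user_registered timestamps in the wp_users table for accounts created around the same time.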

Compensating Controls: If patching is not immediately possible, consider the following mitigations:

  • Temporarily disable the user registration functionality provided by the EduKart Pro plugin.
  • Implement a Web Application Firewall (WAF) rule to inspect and block registration requests that attempt to set a user role to 'administrator'.
  • Restrict access to the registration page to trusted IP addresses only, if feasible.
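The WAF rule and the monitoring recommended above can also be enforced inside WordPress itself while the vulnerable version remains installed. The following must-use plugin is an added example, not part of EduKart Pro or the advisory: it refuses any POST that carries a 'role' parameter unless the requester already has the promote_users capability, and, as a safety net in case the plugin assigns the role through some other parameter, demotes and logs any account that is created with a privileged role by a request lacking that capability. The parameter name 'role' comes from the advisory; the privileged-role list, the file name and the log format are assumptions.

```php
<?php
/**
 * Plugin Name: Registration Role Guard
 * Description: Added example compensating control (not part of EduKart Pro).
 *              Save as wp-content/mu-plugins/registration-role-guard.php.
 */

// Roles a self-registration must never produce. Assumed list; extend for
// any custom high-privilege roles the site defines.
function rrg_privileged_roles(): array {
    return array( 'administrator', 'editor' );
}

// True when the current context may legitimately assign roles: an
// authenticated user with promote_users, or a WP-CLI session.
function rrg_may_assign_roles(): bool {
    if ( defined( 'WP_CLI' ) && WP_CLI ) {
        return true;
    }
    return current_user_can( 'promote_users' );
}

// 1. In-application WAF rule: block unprivileged POSTs that try to pick a role.
add_action( 'init', function () {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) || ! isset( $_REQUEST['role'] ) ) {
        return;
    }
    if ( rrg_may_assign_roles() ) {
        return; // admins editing users in wp-admin legitimately send a role
    }
    error_log( sprintf(
        'rrg: blocked role parameter "%s" from %s on %s',
        sanitize_key( wp_unslash( $_REQUEST['role'] ) ),
        sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ?? '' ) ),
        sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) )
    ) );
    wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
}, 0 );

// 2. Safety net: a newly created user must not come out privileged unless
//    the request came from a context allowed to assign roles.
add_action( 'user_register', function ( int $user_id ) {
    if ( rrg_may_assign_roles() ) {
        return;
    }
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }
    $bad = array_intersect( $user->roles, rrg_privileged_roles() );
    if ( empty( $bad ) ) {
        return;
    }
    // Fall back to the site's default role, unless that is itself privileged.
    $fallback = get_option( 'default_role', 'subscriber' );
    if ( in_array( $fallback, rrg_privileged_roles(), true ) ) {
        $fallback = 'subscriber';
    }
    $user->set_role( $fallback );
    error_log( sprintf(
        'rrg: user %d (%s) created with role(s) %s by an unprivileged request from %s; demoted to %s',
        $user_id,
        $user->user_login,
        implode( ',', $bad ),
        sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ?? '' ) ),
        $fallback
    ) );
}, 10, 1 );
```

Because it is a must-use plugin it loads before regular plugins and cannot be deactivated from the dashboard, which is the behaviour wanted for a temporary control. The error_log() lines go to the PHP error log (or to wp-content/debug.log when WP_DEBUG_LOG is enabled), so they can be picked up by the same log review described under Proactive Monitoring; any demotion entry is a strong indicator that an exploitation attempt reached the vulnerable code path and the account should be removed rather than left as a subscriber.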

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical severity (CVSS 9.8) and the fact that this vulnerability can be exploited by an unauthenticated attacker with minimal effort, immediate remediation is imperative. All organizations using the EduKart Pro plugin must prioritize applying the vendor-supplied patch without delay. The risk of a full site compromise is extremely high, and organizations should assume this vulnerability will be actively targeted by threat actors in the near future.