CVE-2026-0844
WordPress · WordPress Simple User Registration plugin
A high-severity privilege escalation vulnerability has been identified in the Simple User Registration plugin for WordPress.
Executive summary
A high-severity privilege escalation vulnerability has been identified in the Simple User Registration plugin for WordPress. This flaw could allow a low-privileged attacker to gain administrative rights on an affected website. Successful exploitation could lead to a full site compromise, resulting in data theft, website defacement, or malware distribution.
Vulnerability
The vulnerability exists within the user registration and profile update functions of the plugin. An authenticated attacker with low-level privileges (such as a subscriber) can send a specially crafted request to the server. The handler does not verify that the requester is authorized to change roles before applying the submitted data, so the attacker can set their own user role to administrator.
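The following is an added illustration of that flaw class, not the plugin's own code and not a reproduction of the reported issue: a hypothetical profile-update handler that applies a client-supplied `role` field after checking only that a user is logged in, beside a hardened form that verifies a nonce, limits self-service updates to an allow-list of fields, and requires the `promote_users` capability plus a known role before any role change. The function names, the nonce action `sur_example_update_profile` and the `admin_post_` hook name are assumptions for the example.

```php
<?php
// Added example, not the Simple User Registration plugin's code.

// Vulnerable pattern: the role comes straight from the request. A subscriber
// who POSTs role=administrator becomes an administrator.
function sur_example_update_profile_vulnerable() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'login required', 403 );
    }
    $user_id = get_current_user_id();
    $data = array(
        'ID'           => $user_id,
        'display_name' => sanitize_text_field( wp_unslash( $_POST['display_name'] ?? '' ) ),
        'role'         => sanitize_key( wp_unslash( $_POST['role'] ?? 'subscriber' ) ),
    );
    wp_update_user( $data ); // core sets the role with no further check
}

// Hardened pattern: nonce, allow-listed fields, explicit authorization for role.
function sur_example_update_profile_hardened() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'login required', 403 );
    }
    check_admin_referer( 'sur_example_update_profile' ); // hypothetical nonce action name

    $user_id = get_current_user_id();

    // Only fields a user may change about themselves; 'role' is never copied blindly.
    $data = array(
        'ID'           => $user_id,
        'display_name' => sanitize_text_field( wp_unslash( $_POST['display_name'] ?? '' ) ),
    );

    if ( isset( $_POST['role'] ) ) {
        $requested = sanitize_key( wp_unslash( $_POST['role'] ) );
        // Role changes require the capability WordPress uses for promotion,
        // and the target role must actually exist on this site.
        if ( ! current_user_can( 'promote_users' ) || ! wp_roles()->is_role( $requested ) ) {
            wp_die( 'not allowed to change role', 403 );
        }
        $data['role'] = $requested;
    }

    $result = wp_update_user( $data );
    if ( is_wp_error( $result ) ) {
        wp_die( esc_html( $result->get_error_message() ), 400 );
    }
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url() );
    exit;
}

// Only the hardened handler is wired up; the vulnerable one is shown for contrast.
add_action( 'admin_post_sur_example_update_profile', 'sur_example_update_profile_hardened' );
```

The important detail is that `is_user_logged_in()` is authentication, not authorization: a logged-in subscriber passes it. `current_user_can( 'promote_users' )` is the check core itself applies before a role change, and the allow-list of fields means an unexpected `role` parameter is rejected rather than silently applied.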
Business impact
This is a High severity vulnerability with a CVSS score of 8.8. A successful exploit would grant an attacker full administrative control over the WordPress site. The potential consequences include theft of sensitive customer or user data, unauthorized content modification, website defacement, and the injection of malicious code to attack site visitors. This could lead to significant reputational damage, regulatory fines, and loss of customer trust.
Remediation
Immediate Action:
- Update the Simple User Registration plugin to the latest available version (version 7 or newer) immediately.
- If the plugin is not critical to business operations, consider deactivating and removing it to eliminate the attack surface.
- Review all user accounts, especially those with administrative privileges, to ensure no unauthorized accounts or privilege changes have occurred.
Proactive Monitoring:
- Monitor web server and application logs for suspicious activity related to user profile updates, particularly POST requests to user management pages from low-privileged accounts. Note that a web server access log shows only the request path and status, not the submitted role, so correlate it with application-level logging of role changes.
- Implement file integrity monitoring to detect unauthorized changes to WordPress core files, themes, and plugins.
- Regularly audit WordPress user accounts for any unexpected creation of new administrator-level users or elevation of existing users.
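As an added example for the two monitoring items above (not part of the advisory and not vendor code), the following must-use plugin logs every role change with the acting user and request context, and emails the site administrator when a user is promoted to administrator either by themselves or by an account that lacks `promote_users`. It hooks core's `set_user_role` action, which fires when a role is set through `WP_User::set_role()` (the path `wp_update_user()` takes), and `updated_user_meta` to catch code that writes the capabilities meta directly. The plugin name and function prefix `rcm_` are assumptions.

```php
<?php
/**
 * Plugin Name: Role Change Monitor (added example)
 * Description: Logs user role changes and alerts on suspicious promotion to administrator.
 * Install as wp-content/mu-plugins/role-change-monitor.php so it cannot be deactivated
 * from the dashboard. Hypothetical code added for this advisory, not vendor code.
 */

function rcm_request_context() {
    $actor = wp_get_current_user();
    return sprintf(
        'actor=%s(%d) ip=%s uri=%s',
        $actor->exists() ? $actor->user_login : 'none',
        $actor->ID,
        isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '-',
        isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '-'
    );
}

function rcm_alert_if_suspicious( $user_id, $new_roles, $entry ) {
    $actor = wp_get_current_user();
    // Self-promotion, or promotion by someone who cannot legitimately promote users,
    // is the signature of the flaw described in this advisory.
    $self_promotion = ( $actor->ID === (int) $user_id );
    if ( in_array( 'administrator', (array) $new_roles, true )
        && ( $self_promotion || ! user_can( $actor, 'promote_users' ) ) ) {
        wp_mail( get_option( 'admin_email' ), 'Suspicious administrator role change', $entry );
    }
}

// Core fires this with the user ID, the new role and the previous roles.
add_action( 'set_user_role', 'rcm_log_role_change', 10, 3 );
function rcm_log_role_change( $user_id, $new_role, $old_roles ) {
    $target = get_userdata( $user_id );
    $entry  = sprintf(
        '[role-change] target=%s(%d) old=%s new=%s %s',
        $target ? $target->user_login : 'unknown',
        $user_id,
        implode( ',', (array) $old_roles ),
        $new_role,
        rcm_request_context()
    );
    error_log( $entry );
    rcm_alert_if_suspicious( $user_id, $new_role, $entry );
}

// Direct writes to the {prefix}capabilities meta bypass set_user_role; watch those too.
add_action( 'updated_user_meta', 'rcm_log_capability_meta', 10, 4 );
function rcm_log_capability_meta( $meta_id, $user_id, $meta_key, $meta_value ) {
    global $wpdb;
    if ( $meta_key !== $wpdb->prefix . 'capabilities' ) {
        return;
    }
    $roles = array_keys( array_filter( (array) $meta_value ) );
    $entry = sprintf(
        '[capabilities-meta] target=%d roles=%s %s',
        $user_id,
        implode( ',', $roles ),
        rcm_request_context()
    );
    error_log( $entry );
    rcm_alert_if_suspicious( $user_id, $roles, $entry );
}
```

The `[role-change]` and `[capabilities-meta]` lines land in the PHP error log, which can be shipped to a SIEM and correlated with the web server's POST entries for the same request URI. For the periodic account audit, `wp user list --role=administrator --fields=ID,user_login,user_registered` from WP-CLI produces a list that can be diffed against a known-good baseline.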
Compensating Controls:
- Implement a Web Application Firewall (WAF) with rules designed to detect and block common privilege escalation attempts, for example a request from a non-administrator session that carries a role parameter. Treat this as a stopgap only: a request that abuses a missing authorization check looks like a legitimate profile update, so generic rules may not match it.
- Restrict access to the WordPress administrative dashboard (/wp-admin/) to trusted IP addresses.
- Enforce Two-Factor Authentication (2FA) for all users, especially those with administrative roles, to add an extra layer of security.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity (CVSS 8.8) of this vulnerability and the potential for complete website compromise, we strongly recommend immediate action. Organizations using the affected versions of the Simple User Registration plugin should prioritize applying the vendor-supplied update without delay. While this CVE is not currently listed on the CISA KEV catalog and no public exploit is known at the time of writing, the low privilege required and the impact of a full site compromise warrant treating it as an urgent threat.