CVE-2024-0701
Published: 05 February 2024
Summary
CVE-2024-0701 is a medium-severity Client-Side Enforcement of Server-Side Security (CWE-602) vulnerability in Userproplugin Userpro. Its CVSS base score is 5.3 (Medium).
Operationally, it ranks at the 38.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-16491
Vulnerability details
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.
- CWE(s): CWE-602 (Client-Side Enforcement of Server-Side Security)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.