Heads up, WordPress admins! Numerous security vulnerabilities were discovered in the ProfilePress WordPress plugin that could allow for complete site takeovers! Patches are out; if affected, make sure you update your site to the latest plugin version.
Multiple ProfilePress WordPress Plugin Vulnerabilities Discovered
Researchers from the Wordfence team have shared details about vulnerabilities in the ProfilePress WordPress plugin in their recent post.
As elaborated, they discovered multiple critical security issues in this plugin, formerly known as WP User Avatar. The plugin currently boasts over 400,000 active installations, which means the vulnerabilities potentially put thousands of websites at risk.
Specifically, the researchers found four different vulnerabilities, all receiving critical severity ratings with a CVSS score of 9.8. These include an unauthenticated privilege escalation flaw (CVE-2021-34621), an authenticated privilege escalation (CVE-2021-34622), an arbitrary file upload in the image uploader component (CVE-2021-34623), and an arbitrary file upload in the file uploader component (CVE-2021-34624).
Exploiting these vulnerabilities could let an adversary upload arbitrary files to target sites, gain admin access, and completely take over the site. These exploits would work even if the site had disabled user registration, and without requiring authentication.
Patches Rolled Out
Wordfence found plugin versions 3.0 – 3.1.3 vulnerable to these flaws.
Following the discovery of the bugs, the researchers contacted the developers to report the matter. Consequently, the developers patched all the vulnerabilities with the release of plugin version 3.1.4, as evident through the changelog.
Following this release, the developers have shipped further fixes in subsequent versions. Hence, the most recent one is ProfilePress plugin version 3.1.8.
Therefore, all WordPress admins running this plugin on their sites should update as soon as possible. This is especially important given the frequent exploitation of vulnerable WordPress plugins to target different websites. Keeping all plugins updated is the key strategy to fend off most cyber threats against websites.