$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin

by | Mar 14, 2024 | Digital Marketing, Research, Vulnerabilities, WordPress Security

The article discusses a Privilege Escalation vulnerability discovered in the RegistrationMagic WordPress plugin during the Bug Bounty Extravaganza event on February 26, 2024. The vulnerability allowed authenticated attackers to grant themselves administrative privileges by updating the user role. The researcher who discovered this vulnerability, Krzysztof Zając, received a bounty of $1,313.00 for responsibly reporting it through the Wordfence Bug Bounty Program.

Wordfence Premium, Wordfence Care, and Wordfence Response users were provided with a firewall rule for protection on February 28, 2024, while users of the free version would receive the same protection on March 29, 2024. The developer of the plugin, Metagauss, was contacted on February 29, 2024, and released a patch on March 11, 2024, to address the vulnerability promptly.

The technical analysis revealed that the vulnerability was caused by a missing capability check on the update_users_role() function in the plugin, allowing authenticated attackers to escalate their privileges. The article emphasized the importance of updating sites to the patched version 5.3.1.0 of RegistrationMagic to secure against this vulnerability.
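The checks a role-changing handler needs, shown as an added example that is not RegistrationMagic's code and not taken from the original article. The action name `example_update_users_role`, the function name, and the `user_id`, `role` and `nonce` request fields are hypothetical; the WordPress API calls are core functions.

```php
<?php
/**
 * Plugin Name: Example role-update handler (constructed illustration)
 */

// wp_ajax_{action} fires for ANY logged-in user, subscribers included, so
// registering the hook is not an authorization decision by itself.
add_action( 'wp_ajax_example_update_users_role', 'example_update_users_role' );

function example_update_users_role() {
    // 1. CSRF: the request must carry a nonce minted for this action.
    check_ajax_referer( 'example_update_users_role', 'nonce' );

    // 2. Capability check. A handler that omits this is the pattern the
    //    article describes: every authenticated user reaches set_role().
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $role    = isset( $_POST['role'] ) ? sanitize_key( wp_unslash( $_POST['role'] ) ) : '';

    // 3. Object-level check: may the caller change THIS user's role?
    if ( ! $user_id || ! current_user_can( 'promote_user', $user_id ) ) {
        wp_send_json_error( 'Cannot modify this user.', 403 );
    }

    // 4. Allow-list the role against what the caller may assign, so an
    //    arbitrary slug from the request is never passed through.
    require_once ABSPATH . 'wp-admin/includes/user.php'; // get_editable_roles()
    if ( ! array_key_exists( $role, get_editable_roles() ) ) {
        wp_send_json_error( 'Role not assignable.', 400 );
    }

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        wp_send_json_error( 'Unknown user.', 404 );
    }

    $user->set_role( $role );
    wp_send_json_success( array( 'user_id' => $user_id, 'role' => $role ) );
}
```

The nonce in step 1 only ties the request to a page the user loaded; it does not replace the capability checks in steps 2 and 3.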

The disclosure timeline highlighted the communication and actions taken between the researchers, Wordfence, and the plugin vendor to address the issue. The blog post concluded with a reminder for WordPress users to update their sites and shared information on the protection provided by Wordfence to mitigate the risks associated with this vulnerability.

In summary, the article sheds light on the Privilege Escalation vulnerability in the RegistrationMagic plugin, the actions taken to address it, and the importance of ensuring site security through timely updates. It also underscores the collaboration between researchers, security firms, and developers in safeguarding the WordPress ecosystem and the broader web.
