Security researchers have identified the dangerous dangers of easy access to celebrities WordPress Plugin This can lead to excessive uploading of arbitrary files on the affected websites.
The Profile Press plugin, formerly known as the WP User Avatar, enables administrators to design user profile pages and create frontend forms for user registration. It also helps protect sensitive content and control user access.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take you more than 60 seconds, and you can choose to enter the prize draw to win an Amazon 100 Amazon voucher or a 1-year Express VPN subscription.
WordFence notes that attackers can also take risks to register themselves as site administrators, even if the real administrators have disabled user registration.
According to WordFence, although the Profile Press plugin came into being by uploading user profile photos, it recently took the written form in its current form and adopted new features for user login and registration.
Unfortunately, however, the new features were not coded correctly and the risks were presented.
For example, the plugin did not refrain from providing users with arbitrary metadata during the registration process, which was used by WordFence to increase administrator user privileges.
The same can be done in the updated profile function. However, since no checks were made on this site to verify the user’s eligibility for registration, the attackers did not have to compromise the existing account, and they could take over the site without any effort. ۔
WordFence reported these vulnerabilities to the profile press in late May. The company responded quickly by plugging in a bug (v3.1.4) within a few days.
To prevent attacks, users running the weaker version (3.0-3.1.3) are urged to update immediately.