CVE-2023-41954
Published: 2024-05-17
Priority: P2 77 · high · CVSS 3.1: 8.6
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.40% (69.0th percentile)
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation. This issue affects ProfilePress: from n/a through 4.13.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| profilepress_membership_team | profilepress | n/a – 4.13.1 | — |
| properfraction | profilepress | < 4.13.2 | 4.13.2 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated privilege escalation attempts by monitoring POST requests to /wp-admin/admin-ajax.php with action=pp_ajax_signup and a reg_select_role field set to a privileged role (e.g., 'editor', 'administrator').
- A successful exploitation response contains both 'profilepress-reg-status success' and 'Registration successful.' in the JSON body with HTTP 200 and Content-Type application/json.
- Post-exploitation confirmation: attacker logs in via /wp-login.php and accesses /wp-admin/edit.php?post_type=page, with the response containing 'Filter pages list' and 'Add Page', confirming editor-level access.
- Fingerprint vulnerable ProfilePress installations by searching for the wp-user-avatar plugin path in page bodies or HTTP components.
- The multipart form-data boundary '----WebKitFormBoundaryoO03YbuBltnemvPe' is used in the exploit request and can serve as a network-level signature for this specific exploit template.
- The exploit requires a valid 'signup_form_id' parameter, which must be discovered from the target site prior to exploitation. The template uses a dynamic variable ({{signup_form_id}}) implying a prior enumeration step (http(1)) is needed.
- The vulnerability only affects ProfilePress versions up to and including 4.13.1; patched versions are not affected.
- The privilege escalation is limited — the attacker can register as 'editor' role (not necessarily full administrator), hence the NVD description notes 'unauthenticated limited privilege escalation'.
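The first two detection notes and the boundary signature, turned into a check over captured request/response pairs. This is an added example, not code from the page's sources or from ProfilePress. It assumes a capture point that records POST bodies (a WAF or reverse-proxy log); `form_fields`, `classify`, `sample_multipart` and the `example_field` form field are names made up here.

```python
from email import message_from_bytes
from urllib.parse import parse_qs

# Role values the page names as privileged; extend to match the site's roles (assumption).
PRIVILEGED_ROLES = {"editor", "administrator"}
# Boundary string of the public template, as quoted on this page.
TEMPLATE_BOUNDARY = "----WebKitFormBoundaryoO03YbuBltnemvPe"
SUCCESS_MARKERS = ("profilepress-reg-status success", "Registration successful.")

def form_fields(content_type, body):
    """Return {name: value} from a urlencoded or multipart/form-data body (bytes)."""
    if content_type.lower().startswith("multipart/form-data"):
        raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
        fields = {}
        for part in message_from_bytes(raw).walk():
            name = part.get_param("name", header="content-disposition")
            if name:
                value = part.get_payload(decode=True) or b""
                fields[name] = value.decode("utf-8", "replace").strip()
        return fields
    return {k: v[-1] for k, v in parse_qs(body.decode("utf-8", "replace")).items()}

def classify(method, path, content_type, body, status=None, response=""):
    """Return 'none', 'attempt' or 'success' for one request/response pair."""
    if method != "POST" or not path.split("?")[0].endswith("/wp-admin/admin-ajax.php"):
        return "none"
    fields = form_fields(content_type, body)
    role = fields.get("reg_select_role", "").lower()
    if fields.get("action") != "pp_ajax_signup" or role not in PRIVILEGED_ROLES:
        return "none"
    if status == 200 and all(marker in response for marker in SUCCESS_MARKERS):
        return "success"
    return "attempt"

def sample_multipart(role, boundary=TEMPLATE_BOUNDARY):
    """Constructed sample body: the two fields named above plus a made-up field."""
    pairs = [("action", "pp_ajax_signup"), ("example_field", "x"), ("reg_select_role", role)]
    parts = "".join(f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
                    for k, v in pairs)
    return f"multipart/form-data; boundary={boundary}", (parts + f"--{boundary}--\r\n").encode()

if __name__ == "__main__":
    ctype, body = sample_multipart("editor")
    print(classify("POST", "/wp-admin/admin-ajax.php", ctype, body),
          "template boundary:", TEMPLATE_BOUNDARY in ctype)
```

Treat a `success` result as an account to review and remove; an `attempt` against a patched site (4.13.2 or later) is scanning noise worth tracking by source.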
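CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
| vulncheck | | 8.6 | HIGH | |
| vendor_oracle | | 3.3 | LOW | |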
GHSA
GHSA-f3p6-32mj-fj25: Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation
ghsa_unreviewed·2024-05-17
CVE-2023-41954 [HIGH] CWE-269 GHSA-f3p6-32mj-fj25: Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation. This issue affects ProfilePress: from n/a through 4.13.1.
VulnCheck
ProfilePress Membership Team ProfilePress Plugin Vulnerability
vulncheck·2023·CVSS 8.6
CVE-2023-41954 [HIGH] ProfilePress Membership Team ProfilePress Plugin Vulnerability
ProfilePress Membership Team ProfilePress Plugin Vulnerability
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation. This issue affects ProfilePress: from n/a through 4.13.1.
Affected: ProfilePress Membership Team ProfilePress Plugin
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-1-unauthenticated-limited-privilege-escalation-vulnerability
Oracle
Oracle Oracle Construction and Engineering Risk Matrix: Platform (MPXJ) — CVE-2022-41954
vendor_oracle·2023-10-15·CVSS 3.3
CVE-2022-41954 [LOW] Oracle Oracle Construction and Engineering Risk Matrix: Platform (MPXJ) — CVE-2022-41954
Oracle Oracle Construction and Engineering Risk Matrix: Platform (MPXJ) vulnerability
CVE: CVE-2022-41954
CVSS: 3.3
Protocol: None
Remote exploit: No
Affected versions: Local
Advisory: cpuoct2023 (OCT 2023)
No detection rules found.
Nuclei
ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation
nuclei·CVSS 8.6
CVE-2023-41954 [HIGH] ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation
ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation. This issue affects ProfilePress: from n/a through 4.13.1.
Template:
```yaml
id: CVE-2023-41954
info:
  name: ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation
  author: daffainfo
  severity: high
  description: |
    Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.
  remediation: |
    Update to the latest version of ProfilePress to address privilege management issues.
  impact: |
    Attackers can escalate privileges, gaining unauthorized access to restricted features or data within ProfilePress.
  referenc
```
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-1-unauthenticated-limited-privilege-escalation-vulnerability?_s_id=cve
Published: 2024-05-17
Exploited in the wild