Horizon Alert
Summary of the vulnerability and why it matters
A critical vulnerability exists in the User Registration Advanced Fields plugin for WordPress that allows attackers to upload arbitrary files to the server. This could lead to the execution of malicious code, severely impacting the integrity and availability of the website.
- Allows unauthenticated file uploads.
- Remote code execution is possible.
- Requires a specific form field to be configured.
Attack Path
How an attacker could exploit the issue
An unauthenticated attacker can exploit this vulnerability by uploading a malicious file through a vulnerable WordPress site's registration form if a "Profile Picture" field is enabled. This uploaded file could then be executed on the server, potentially leading to full system compromise.
- Attacker is unauthenticated.
- Target is the WordPress registration form.
- Requires "Profile Picture" field.
Live Threat
Current exploitation, exposure, and threat context
Attackers may find this vulnerability attractive due to its potential for unauthenticated remote code execution on WordPress sites. Exploitation requires a specific field to be present, which might limit widespread automated attacks but presents a significant risk on sites where that field is enabled. The ability to upload arbitrary files bypasses common security measures, making it a direct path to compromise.
- Unauthenticated arbitrary file upload.
- Remote code execution possible.
- Requires specific field configuration.
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Prioritize identifying and isolating any WordPress sites using the User Registration Advanced Fields plugin, especially those with a "Profile Picture" field enabled, as unauthenticated attackers can upload arbitrary files. Review logs for suspicious file uploads targeting user registration forms.
- Block uploads of executable file types.
- Disable "Profile Picture" field in forms.
- Update plugin to version 1.6.21 or later.
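As an added illustration of the first two actions above (this is example code written for this alert, not code from the plugin or its vendor), the Python below enforces an image allowlist with magic-byte verification, rejects script extensions anywhere in the filename, flags PHP tags embedded in otherwise valid images, and reuses the same checks to sweep an existing uploads tree. The file names and contents in demo() are constructed samples.

```python
import re
import tempfile
from pathlib import Path

# Allowed image types for a "Profile Picture" field and their required magic bytes.
ALLOWED_IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",), "gif": (b"GIF87a", b"GIF89a"),
}
# Script extensions, rejected anywhere in the name (catches "avatar.php.jpg" too).
EXECUTABLE_EXTS = {"php", "php3", "php5", "php7", "phtml", "phar", "htaccess"}
# A PHP open tag inside an otherwise valid image (a polyglot) is also rejected.
SCRIPT_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)

def check_upload(filename: str, content: bytes) -> list[str]:
    """Return the reasons to reject this upload; an empty list means accept."""
    reasons = []
    exts = filename.lower().split(".")[1:]
    if any(e in EXECUTABLE_EXTS for e in exts):
        reasons.append("executable extension")
    if not exts or exts[-1] not in ALLOWED_IMAGE_MAGIC:
        reasons.append("extension missing or not in image allowlist")
    elif not content.startswith(ALLOWED_IMAGE_MAGIC[exts[-1]]):
        reasons.append("content does not match image magic bytes")
    if SCRIPT_TAG.search(content):
        reasons.append("embedded PHP tag")
    return reasons

def scan_uploads(root: str) -> list[tuple[str, list[str]]]:
    """Apply the same checks to files already sitting under an uploads tree."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            reasons = check_upload(path.name, path.read_bytes()[:65536])
            if reasons:
                findings.append((path.name, reasons))
    return sorted(findings)

def demo() -> list[tuple[str, list[str]]]:
    """Constructed sample tree: one valid avatar and three files to reject."""
    samples = {
        "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "shell.php": b"<?php echo 'constructed sample'; ?>",
        "avatar.php.jpg": b"\xff\xd8\xff" + b"\x00" * 16,
        "poly.gif": b"GIF89a<?php echo 'constructed sample'; ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            (Path(root) / name).write_bytes(data)
        return scan_uploads(root)
```

On a live site, point scan_uploads at the wp-content/uploads directory; a hit there is a lead to investigate alongside the web server logs, not proof of compromise on its own.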