Notice to User Registration plugin users!
If you're currently using the User Registration plugin, we've got an important notice regarding the User Registration vulnerability fix.
The Wordfence Threat Intelligence team recently detected an arbitrary file upload vulnerability in the User Registration plugin.
This vulnerability enables authenticated attackers with limited permissions like subscribers to upload arbitrary files and execute them on the server.
Our developers have promptly worked on the issue and resolved it.
Thus, to secure your website against this vulnerability, we kindly urge all our users to update their sites to the latest patched version of the User Registration plugin without any delay.
Free User Registration plugin users can update to the patched version 220.127.116.11. Likewise, Pro users should update to version 18.104.22.168.
Summary of the Arbitrary File Upload Vulnerability in User Registration Plugin
As our users already know, the User Registration plugin is a popular WordPress registration plugin for creating a streamlined registration system on your website.
An essential feature of User Registration is that it lets you build unlimited registration forms using custom form fields, including the Profile Picture and File Upload fields.
Adding these fields to your form allows users to directly upload their profile pictures or other files, and submit them through the form.
Unfortunately, we recently received a report on a major security issue with this feature.
Rest assured, the vulnerability has now been resolved.
All thanks to the Wordfence Threat Intelligence team for making us aware of the issue and the User Registration developer team for working promptly on fixing the issue.
Now, let’s take a more detailed look into the issue and its fix below.
The User Registration plugin was recently reported to be vulnerable to arbitrary file uploads. The cause was a hard-coded encryption key together with missing file type validation in the ‘ur_upload_profile_pic’ function.
As a result, authenticated attackers could upload arbitrary files through the profile picture and file upload fields and achieve remote code execution on your site’s server.
Exploiting this vulnerability is possible even for users with minimal permissions, such as Subscribers.
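To illustrate the two controls this description points at, here is an added example of a WordPress profile-picture upload handler. It is not the User Registration plugin's code or its actual fix: it assumes the WordPress API is loaded (is_user_logged_in(), wp_handle_upload(), wp_generate_password(), wp_salt(), WP_Error), and every example_* function name and the 2 MiB limit are constructed for this example. It validates the file type server-side against an image allowlist rather than trusting the client-supplied name or MIME type, stores the file under a random name, and signs any value that must round-trip through the browser with a key derived from the installation's salts instead of a constant in the source.

```php
<?php
// Added example, not the User Registration plugin's code or its actual fix.
// Assumes WordPress is loaded (is_user_logged_in, wp_handle_upload,
// wp_generate_password, wp_salt, WP_Error). All example_* names are hypothetical.

/**
 * Build a random file name for a validated image. Called by wp_handle_upload()
 * through 'unique_filename_callback'; $ext arrives with its leading dot and has
 * already passed the MIME allowlist, so the user-chosen name is never reused.
 */
function example_random_image_name( $dir, $name, $ext ) {
    return wp_generate_password( 24, false ) . strtolower( $ext );
}

/**
 * Validate and store one uploaded profile picture.
 *
 * @param array $file One entry of $_FILES (name, type, tmp_name, error, size).
 * @return array|WP_Error wp_handle_upload() result (file, url, type) on success.
 */
function example_store_profile_picture( array $file ) {
    // Only authenticated users may reach this point; the capability check for
    // the form itself belongs in the caller.
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'not_logged_in', 'Authentication required.' );
    }

    // Reject transport errors and oversize files before inspecting content.
    if ( ! isset( $file['error'] ) || UPLOAD_ERR_OK !== $file['error'] ) {
        return new WP_Error( 'upload_error', 'Upload failed.' );
    }
    $max_bytes = 2 * 1024 * 1024; // constructed limit for this example: 2 MiB
    if ( empty( $file['size'] ) || $file['size'] > $max_bytes ) {
        return new WP_Error( 'too_large', 'File is empty or too large.' );
    }

    // Allowlist for a profile picture: raster image types only. wp_handle_upload()
    // checks the extension and the detected MIME type against this list on the
    // server, so the client-supplied $file['type'] and file name carry no authority.
    $allowed_mimes = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );

    // Independent check with the image decoder: a file that does not parse as an
    // image is rejected even if its name and MIME sniff look plausible.
    if ( false === @getimagesize( $file['tmp_name'] ) ) {
        return new WP_Error( 'not_image', 'File is not a valid image.' );
    }

    $result = wp_handle_upload(
        $file,
        array(
            'test_form'                => false, // not the core media form
            'test_type'                => true,  // enforce the allowlist above
            'mimes'                    => $allowed_mimes,
            'unique_filename_callback' => 'example_random_image_name',
        )
    );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'rejected', $result['error'] );
    }
    return $result;
}

/**
 * Sign a value that must round-trip through the browser, such as a reference to
 * a file uploaded before the form is finally submitted. The key comes from this
 * installation's salts via wp_salt(), not from a constant in the plugin's source
 * files, so every site has a different secret and nothing is recoverable from
 * the published code.
 */
function example_sign_value( $value ) {
    return hash_hmac( 'sha256', (string) $value, wp_salt( 'nonce' ) );
}

/** Constant-time verification of a signature produced by example_sign_value(). */
function example_verify_value( $value, $signature ) {
    return hash_equals( example_sign_value( $value ), (string) $signature );
}
```

The design point is that the extension written to disk is taken from the validated type and the base name is random, so whatever name the browser sent never decides what the server stores, and that the signing secret lives in the site's configuration rather than in code that anyone can download from the plugin directory.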
The issue exists in the versions up to and including 3.0.2 of the free plugin and 4.0.2 of the pro plugin.
As soon as we became aware of this vulnerability, our team worked extremely hard to develop a fix. We first partially patched the issue in version 3.0.2, and then fully patched it in version 22.214.171.124.
For the premium version of User Registration, the vulnerability was fully patched in version 126.96.36.199.
- June 19, 2023 – Wordfence discovered an arbitrary file upload vulnerability in the User Registration plugin.
- June 20, 2023 – Wordfence contacted us and provided us with all the detailed information regarding the file upload vulnerability.
- June 20, 2023 – We acknowledged the issue and swiftly started working on the vulnerability fix.
- June 29, 2023 – The initial patch, released with version 3.0.2, addressed the issue partially.
- July 4, 2023 – The second patch, released with version 188.8.131.52, effectively addressed the issue and provided a complete fix.
How to Prevent the Arbitrary File Upload Vulnerability
To maintain the security of your website, it’s crucial to close the arbitrary file upload vulnerability detected in User Registration.
For this, all you need to do is follow the two simple steps below:
Update User Registration to the Patched Version Without any Delay
We kindly request all users of the free User Registration plugin to promptly update to the patched version 184.108.40.206.
Similarly, Pro users are requested to swiftly update their plugin to the patched version 220.127.116.11.
We urge you to do this immediately because the vulnerability still persists in the older versions of User Registration.
Updating is a simple process. From your WordPress dashboard, navigate to Plugins >> Installed Plugins.
Locate the User Registration plugin; you’ll see a notice about its new version. Click Update Now.
That’s all it takes to update successfully.
Monitor the Plugin Updates Regularly
Theme and plugin developers keep releasing updates to keep your site secure.
So, it’s essential to make it a habit to check for plugin updates consistently and install them immediately. By doing so, you benefit from new and enhanced features as well as security fixes.
If you have any queries, require assistance, or encounter any issues regarding our User Registration plugin, feel free to contact our support team.
Wordfence detected the arbitrary file upload vulnerability in the User Registration plugin and conveyed the information to us promptly.
Thus, our developers could work on and address this issue immediately.
So, we are really thankful to the Wordfence Threat Intelligence team for making us aware of the issue with our plugin.
We also feel proud that our developers could develop the vulnerability fix in a timely manner with their hard work and dedication.
However, until you update the User Registration plugin to the latest patched version, your site may remain exposed to this significant threat.
Therefore, we urge all users to update to the patched version 18.104.22.168 of User Registration as quickly as possible.
Also, please help us share this information so that your friends’ sites stay secure as well.
Thank you for your continuous support and love towards the User Registration plugin. Stay updated and keep your site secure!