Reales WP STPT Unauthorized User Registration Vulnerability
Vulnerability
A vulnerability exists in the Reales WP STPT plugin for WordPress, allowing unauthorized user registration. This issue affects all versions through 2.1.2. The vulnerability arises because the 'reales_user_signup_form' AJAX action fails to check if user registration is enabled before processing sign-ups. As a result, unauthenticated attackers can create new user accounts, potentially leading to privilege escalation when combined with another vulnerability.
Impact
Exploitation of this vulnerability allows for unauthorized user registration, which can be used to create accounts with elevated privileges, depending on the WordPress role assigned.
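The missing check described above, shown as a site-side mitigation. This is an added example, not code from the Reales WP STPT plugin: the file location, the function and constant names, and the assumption that the plugin's own handler is hooked at the default priority (10) are all illustrative.

```php
<?php
/**
 * Added example (not the plugin's code): must-use plugin that refuses the
 * 'reales_user_signup_form' AJAX action while site registration is disabled.
 * Assumed location: wp-content/mu-plugins/example-guard-reales-signup.php
 */

defined( 'ABSPATH' ) || exit;

// AJAX action name taken from the advisory text.
const EXAMPLE_GUARDED_ACTION = 'reales_user_signup_form';

/**
 * Stop the request before any sign-up handler runs when the site owner
 * has not enabled "Anyone can register" (the users_can_register option).
 */
function example_guard_reales_signup() {
    if ( get_option( 'users_can_register' ) ) {
        return; // Registration is intentionally open; let the handler run.
    }

    // Leave an audit trail so blocked attempts can be reviewed later.
    $remote = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';
    error_log( sprintf(
        'Blocked AJAX action %s from %s: user registration is disabled',
        EXAMPLE_GUARDED_ACTION,
        $remote
    ) );

    // wp_send_json_error() sends the response and terminates the request,
    // so callbacks hooked at later priorities never execute.
    wp_send_json_error(
        array( 'message' => 'User registration is disabled on this site.' ),
        403
    );
}

// Priority 0 runs ahead of a handler registered at the default priority 10
// (assumption about how the plugin hooks its callback).
// The nopriv hook covers unauthenticated visitors; the second covers logged-in users.
add_action( 'wp_ajax_nopriv_' . EXAMPLE_GUARDED_ACTION, 'example_guard_reales_signup', 0 );
add_action( 'wp_ajax_' . EXAMPLE_GUARDED_ACTION, 'example_guard_reales_signup', 0 );
```

The guard only enforces the site's existing registration setting; it does not constrain which role a new account receives when registration is enabled.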
