CVE-2024-0324 is an improper access control vulnerability (CWE-284) found in the WordPress plugin 'User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor' by reflectionmedia, affecting all versions up to and including 3.10.8. The vulnerability stems from the absence of a capability check in the function 'wppb_two_factor_authentication_settings_update', which manages the enabling and disabling of two-factor authentication (2FA) settings for user roles in the Premium version of the plugin. Because this function lacks proper authorization validation, unauthenticated attackers can invoke it remotely to modify 2FA settings for any user role, effectively bypassing intended security controls. This unauthorized modification can disable 2FA protections for privileged accounts or enable 2FA in a way that could be exploited for privilege escalation or account takeover. The vulnerability does not require any user interaction or authentication, making it remotely exploitable over the network with low attack complexity. The CVSS 3.1 base score is 8.2 (High), reflecting the network attack vector, no privileges required, no user interaction, and a significant impact on integrity with limited availability impact. While no public exploits have been reported yet, the vulnerability presents a serious risk to WordPress sites using this plugin, especially those relying on 2FA for enhanced security. The lack of patch links suggests that a fix may not yet be publicly available, emphasizing the need for immediate mitigation steps.

The vulnerability allows unauthenticated attackers to modify two-factor authentication settings for arbitrary user roles, which can severely undermine the security posture of affected WordPress sites. By disabling 2FA for privileged roles such as administrators, attackers can increase the likelihood of successful account compromise through credential theft or brute force attacks. Conversely, enabling 2FA in a manipulated manner could be used to lock out legitimate users or create confusion in authentication flows. The integrity of user security configurations is directly impacted, potentially leading to unauthorized access, privilege escalation, and data breaches. Although availability impact is low, the overall security risk is high due to the ease of exploitation and the critical role 2FA plays in protecting user accounts. Organizations relying on this plugin for user management and security are at risk of losing control over user authentication mechanisms, which could cascade into broader system compromises. The threat affects all WordPress sites using the vulnerable plugin versions, which may include small businesses, enterprises, and service providers globally.

1. Immediately update the 'User Profile Builder' plugin to a patched version once available from the vendor or reflectionmedia. Monitor official channels for patch releases. 2. If a patch is not yet available, temporarily disable or remove the plugin to prevent exploitation. 3. Restrict access to the WordPress REST API or the specific endpoint/function associated with 'wppb_two_factor_authentication_settings_update' using web application firewalls (WAFs) or custom access control rules to block unauthenticated requests. 4. Implement strict monitoring and alerting on changes to 2FA settings or user role configurations within WordPress to detect suspicious activity promptly. 5. Enforce strong authentication and password policies for all user accounts, especially administrators, to mitigate risks if 2FA is disabled. 6. Consider deploying additional security plugins that provide enhanced access control and logging capabilities. 7. Conduct regular security audits and vulnerability scans on WordPress environments to identify and remediate similar issues proactively. 8. Educate site administrators about the risks of unauthorized 2FA modifications and encourage vigilance in plugin management.