A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .
http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-Privilege-Escalation.html