Lucene search
K

106 matches found

NVD
NVD
added 2025/07/22 2:15 a.m.6 views

CVE-2025-6831

The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcrrestrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.003EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/22 1:44 a.m.9 views

CVE-2025-6831 User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode

The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcrrestrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.003EPSS
Exploits0References5
CVE
CVE
added 2025/07/22 1:44 a.m.21 views

CVE-2025-6831

CVE-2025-6831 affects the WordPress User Registration plugin. The vulnerability is a Stored Cross-Site Scripting via the urcr_restrict shortcode in all versions up to 4.2.4, caused by insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with con...

6.4CVSS5.6AI score0.003EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.3 views

PT-2025-30370 · WordPress · User Registration

Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions prior to 4.2.5 Description: The User Registration plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s urcr restrict shortcode. Insufficient input sanitization...

6.4CVSS5.7AI score0.003EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 9:59 a.m.11 views

CVE-2024-1290

The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts...

6.5CVSS6.8AI score0.00554EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.4 views

CVE-2024-3295

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profilepicremove function in versions up to, and including, 3.1.5. This makes it possible for...

6.5CVSS5.4AI score0.0091EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.7 views

CVE-2024-1720

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping...

6.1CVSS6AI score0.00547EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:31 a.m.7 views

CVE-2024-8874

The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes it possible for unauthenticated attackers to...

6.1CVSS6.4AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.12 views

CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

9.9CVSS7.6AI score0.01454EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.7 views

CVE-2023-3371

The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view...

7.5CVSS7.1AI score0.00544EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:55 a.m.8 views

CVE-2023-3343

The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP...

8.8CVSS7.3AI score0.00949EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:21 p.m.6 views

CVE-2022-3912

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example...

7.5CVSS7.2AI score0.00743EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.6 views

CVE-2021-24527

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such...

10CVSS7.1AI score0.07696EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:27 a.m.6 views

CVE-2010-4839

SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the eventid parameter in a register action...

7.5CVSS8.9AI score0.02764EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.4 views

PT-2025-19903

Name of the Vulnerable Software and Affected Versions User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions prior to 4.2.2 Description The issue is related to an Insecure Direct Object Reference in the create stripe subscription...

5.3CVSS6.9AI score0.00376EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/04/26 5:35 a.m.14 views

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...

8.1CVSS6.8AI score0.0719EPSS
Exploits4References1
NVD
NVD
added 2025/04/22 6:15 a.m.52 views

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...

8.1CVSS0.0719EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.9 views

PT-2025-17488 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership WordPress plugin version 4.1.2 and earlier Description: The issue concerns the User Registration & Membership WordPress plugin, where data in an AJAX action is not properly validated when the Membership Addon is...

8.1CVSS7.8AI score0.0719EPSS
Exploits4References7
Vulnrichment
Vulnrichment
added 2025/04/19 2:22 a.m.5 views

CVE-2025-3284 User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the userregistrationprodeleteaccount...

4.3CVSS4.3AI score0.00142EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/27 11:15 a.m.6 views

WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ayato Shitomi @ Fore-Z co.ltd in WordPress Plugin User Registration versions = 4.0.3...

5.9CVSS6.1AI score0.00293EPSS
Exploits0Affected Software1
Rows per page
Query Builder