Lucene search
K

106 matches found

CNNVD
CNNVD
added 2025/03/27 12:0 a.m.6 views

WordPress plugin User Registration 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

5.9CVSS7.9AI score0.00293EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/28 8:53 p.m.4 views

WordPress User Registration plugin <= 4.0.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin User Registration versions = 4.0.4...

6.1CVSS6.3AI score0.00294EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/02/28 5:23 a.m.92 views

CVE-2025-1511

CVE-2025-1511 refers to a Reflected Cross-Site Scripting vulnerability in the WordPress plugin “User Registration & Membership – Custom Registration Form, Login Form, and User Profile” affecting all versions up to 4.0.4. The Red Hat entry corroborates that the flaw arises from insufficient input ...

6.1CVSS6AI score0.00294EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/02/21 12:15 p.m.6 views

CVE-2025-1402

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajaxticketdelete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authenticated attackers, with Contributor-level access...

5.3CVSS5.9AI score0.00411EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/21 12:0 a.m.3 views

WordPress plugin Event Tickets and Registration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

5.3CVSS8.1AI score0.00411EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.4 views

WordPress plugin Event Tickets and Registration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS8.8AI score0.00311EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/24 5:24 p.m.9 views

CVE-2025-24683 WordPress RSVP and Event Management Plugin <= 2.7.14 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Chill RSVP and Event Management rsvp allows SQL Injection.This issue affects RSVP and Event Management: from n/a through = 2.7.14...

7.6CVSS8.9AI score0.00564EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.10 views

WordPress plugin User Registration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS8.8AI score0.00402EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/09 7:35 a.m.38 views

CVE-2024-10508 RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updati...

9.8CVSS0.01463EPSS
Exploits2References4
Cvelist
Cvelist
added 2024/10/17 5:42 p.m.36 views

CVE-2024-49217 WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through = 1.1...

9.8CVSS0.00463EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/17 5:42 p.m.20 views

CVE-2024-49217 WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through = 1.1...

9.8CVSS5.9AI score0.00463EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/16 12:31 p.m.28 views

CVE-2024-49247 WordPress BuddyPress Better Registration plugin <= 1.6 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through = 1.6...

9.8CVSS0.0052EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/14 10:51 a.m.6 views

WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Adding drop down roles in registration versions = 1.1...

9.8CVSS7AI score0.00463EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-20306 · WordPress · User Registration – Custom Registration Form

Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5 Description: The issue is related to a missing capability check on the form save action function, allowing...

8.8CVSS6.5AI score0.00938EPSS
Exploits0References6
Wordfence Blog
Wordfence Blog
added 2024/04/19 3:0 p.m.32 views

$2,063 Bounty Awarded for Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On March 9th, 2024, during our second Bug Bounty Extravaganza, we...

6.5CVSS7.2AI score0.00938EPSS
Exploits0
Patchstack
Patchstack
added 2024/04/16 12:0 a.m.16 views

WordPress User Registration Plugin <= 3.1.5 is vulnerable to Broken Access Control

Software User Registration Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3295 Patch priority Medium CVSS severity Medium 6.5 Developer Masteriyo PSID 0a09ce75cc11 Credits wesley wcraft Required...

6.5CVSS6.5AI score0.0091EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/03/26 8:1 p.m.26 views

CVE-2023-27459 WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1...

7.4CVSS7.7AI score0.00611EPSS
Exploits0References1
OSV
OSV
added 2024/03/11 6:15 p.m.3 views

CVE-2024-1290

The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts...

6.5CVSS5.8AI score0.00554EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.4 views

PT-2024-17787 · WordPress · User Registration

Name of the Vulnerable Software and Affected Versions: User Registration WordPress plugin versions prior to 2.12 Description: The issue allows users with at least the contributor role to render sensitive shortcodes, which can be used to generate and leak valid password reset URLs. This enables th...

6.5CVSS9.4AI score0.00554EPSS
Exploits2References5
OSV
OSV
added 2024/03/07 6:15 a.m.5 views

CVE-2024-1720

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping...

6.1CVSS7.4AI score0.00547EPSS
Exploits0References3
Rows per page
Query Builder