106 matches found
CVE-2024-1053
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...
CVE-2024-1053 Event Tickets and Registration <= 5.8.1 - Missing Authorization
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...
CVE-2024-1053 Event Tickets and Registration <= 5.8.1 - Missing Authorization
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...
CVE-2024-1053
CVE-2024-1053 affects the WordPress plugin “Event Tickets and Registration.” A missing capability check on the email action in versions up to and including 5.8.1 allows authenticated users with contributor-level access and above to email the attendees list to themselves. Impact is listed as data ...
WordPress Plugin Event Tickets and Registration Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-16346 · WordPress · Event Tickets/Registration
Name of the Vulnerable Software and Affected Versions: Event Tickets and Registration plugin for WordPress versions up to, and including, 5.8.1 Description: The issue is related to a missing capability check on the email action, allowing authenticated attackers with contributor-level access and...
CVE-2023-5228 User Registration < 3.0.4.2 - Admin+ Stored XSS
The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-46202
Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration plugin = 1.9.6 versions...
CVE-2023-46202
Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration plugin = 1.9.6 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration plugin = 1.9.6 versions...
CVE-2023-3342
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...
Hardcoded credentials
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...
CVE-2023-3342 User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...
CVE-2023-3342
The CVE-2023-3342 entry concerns the WordPress User Registration plugin (versions ≤ 3.0.2). The vulnerability arises from a hardcoded encryption key and missing file type validation in the ur_upload_profile_pic function, allowing authenticated users with subscriber-level privileges or higher to u...
WordPress User Registration 3.0.2 Arbitrary File Upload
Description: User Registration = 3.0.2 – Authenticated Subscriber+ Arbitrary File Upload Affected Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress Plugin Slug: user-registration Affected Versions: = 3.0.2 CVE ID: CVE-2023-3342 CVSS Score: 9.9 Critica...
CVE-2023-3371
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...
CVE-2023-3371
CVE-2023-3371 affects the EmbedPress WordPress plugin (
CVE-2023-23987
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPEverest User Registration plugin = 2.3.0 versions...
CVE-2023-23987 WordPress User Registration plugin <= 2.3.0 - Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration user-registration allows DOM-Based XSS.This issue affects User Registration: from n/a through = 2.3.0...
WordPress plugin User Registration 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...