Lucene search
K

106 matches found

OSV
OSV
added 2024/02/22 6:15 a.m.4 views

CVE-2024-1053

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...

4.3CVSS5.8AI score0.00396EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/22 5:32 a.m.27 views

CVE-2024-1053 Event Tickets and Registration <= 5.8.1 - Missing Authorization

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...

4.3CVSS4.6AI score0.00396EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/22 5:32 a.m.16 views

CVE-2024-1053 Event Tickets and Registration <= 5.8.1 - Missing Authorization

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...

4.3CVSS6.6AI score0.00396EPSS
Exploits0References2
CVE
CVE
added 2024/02/22 5:32 a.m.81 views

CVE-2024-1053

CVE-2024-1053 affects the WordPress plugin “Event Tickets and Registration.” A missing capability check on the email action in versions up to and including 5.8.1 allows authenticated users with contributor-level access and above to email the attendees list to themselves. Impact is listed as data ...

4.3CVSS5.2AI score0.00396EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.4 views

WordPress Plugin Event Tickets and Registration Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS6.5AI score0.00396EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.4 views

PT-2024-16346 · WordPress · Event Tickets/Registration

Name of the Vulnerable Software and Affected Versions: Event Tickets and Registration plugin for WordPress versions up to, and including, 5.8.1 Description: The issue is related to a missing capability check on the email action, allowing authenticated attackers with contributor-level access and...

4.3CVSS5.2AI score0.00396EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/11/06 8:40 p.m.9 views

CVE-2023-5228 User Registration < 3.0.4.2 - Admin+ Stored XSS

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8AI score0.00562EPSS
Exploits2References1
NVD
NVD
added 2023/10/25 6:17 p.m.21 views

CVE-2023-46202

Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration plugin = 1.9.6 versions...

8.8CVSS5.8AI score0.00277EPSS
Exploits0References1
OSV
OSV
added 2023/10/25 6:17 p.m.4 views

CVE-2023-46202

Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration plugin = 1.9.6 versions...

8.8CVSS7.3AI score0.00277EPSS
Exploits0References1
Prion
Prion
added 2023/10/25 6:17 p.m.18 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration plugin = 1.9.6 versions...

6.8CVSS8.8AI score0.00277EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/07/13 3:15 a.m.9 views

CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

9.9CVSS8AI score0.01454EPSS
Exploits2References5
Prion
Prion
added 2023/07/13 3:15 a.m.34 views

Hardcoded credentials

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

6.5CVSS9.4AI score0.01454EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2023/07/13 2:4 a.m.62 views

CVE-2023-3342 User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

9.9CVSS9.8AI score0.01454EPSS
Exploits2References4
CVE
CVE
added 2023/07/13 2:4 a.m.124 views

CVE-2023-3342

The CVE-2023-3342 entry concerns the WordPress User Registration plugin (versions ≤ 3.0.2). The vulnerability arises from a hardcoded encryption key and missing file type validation in the ur_upload_profile_pic function, allowing authenticated users with subscriber-level privileges or higher to u...

9.9CVSS9.5AI score0.01454EPSS
Exploits2References5Affected Software1
Packet Storm
Packet Storm
added 2023/07/12 12:0 a.m.302 views

WordPress User Registration 3.0.2 Arbitrary File Upload

Description: User Registration = 3.0.2 – Authenticated Subscriber+ Arbitrary File Upload Affected Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress Plugin Slug: user-registration Affected Versions: = 3.0.2 CVE ID: CVE-2023-3342 CVSS Score: 9.9 Critica...

7.1AI score0.01454EPSS
Exploits2
OSV
OSV
added 2023/06/27 2:15 a.m.13 views

CVE-2023-3371

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References6
CVE
CVE
added 2023/06/27 1:55 a.m.49 views

CVE-2023-3371

CVE-2023-3371 affects the EmbedPress WordPress plugin (

7.5CVSS7.1AI score0.00544EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/04/06 6:15 a.m.3 views

CVE-2023-23987

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPEverest User Registration plugin = 2.3.0 versions...

4.8CVSS5.8AI score0.00392EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/06 5:22 a.m.8 views

CVE-2023-23987 WordPress User Registration plugin <= 2.3.0 - Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration user-registration allows DOM-Based XSS.This issue affects User Registration: from n/a through = 2.3.0...

5.9CVSS5.8AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/06 12:0 a.m.5 views

WordPress plugin User Registration 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS5.2AI score0.00392EPSS
Exploits0References2
Rows per page
Query Builder