1938 matches found
Zitadel - User Registration Bypass
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...
User Registration & Membership WordPress plugin - Open Redirect
User Registration & Membership WordPress plugin = 5.1.4 contains an open redirect caused by insufficient validation of 'redirecttoonlogout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL. id: CVE-2026-6203 info: name: User...
Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
The Simple User Registration plugin ≤ 6.3 is vulnerable to privilege escalation. It lacks proper restrictions on user meta values during registration. Unauthenticated attackers can exploit this to register as administrators. id: CVE-2025-4334 info: name: Simple User Registration = 6.3 -...
WordPress User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation
User Registration & Membership WordPress plugin = 5.1.2 contains an improper privilege management vulnerability caused by accepting user-supplied roles without server-side allowlist enforcement, letting unauthenticated attackers create administrator accounts id: CVE-2026-1492 info: name: WordPres...
CVE-2026-44367
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...
XWiki < 4.10.20 - Remote code execution
XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...
CVE-2026-36324
SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting XSS due to improper handling of user supplied input in the user registration functionality in register.php...
CVE-2026-36324
The CVE refers to SourceCodester Doctor Appointment System 1.0, where the XSS vulnerability originates from improper handling of user input in the user registration form (register.php). The available connected sources confirm the vulnerable component and the vulnerability type but do not provide ...
CVE-2026-36324
SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting XSS due to improper handling of user supplied input in the user registration functionality in register.php...
CVE-2026-36324
SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting XSS due to improper handling of user supplied input in the user registration functionality in register.php...
PT-2026-44899
SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting XSS due to improper handling of user supplied input in the user registration functionality in register.php...
WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration versions = 5.1.2...
EUVD-2026-32730
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...
CVE-2026-7651 User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...
WordPress plugin User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.1.5...
Exploit for CVE-2026-36227
CVE-2026-36227: Easy Chat Server 3.1 UserName Path Traversal P...
CVE-2026-46721
Summary (CVE-2026-46721): The issue is in the TYPO3 extension “Frontend User Registration” (sf_register). The create/edit flows allow submitting arbitrary user properties and do not enforce frontend access control on user-group assignment, enabling an attacker to assign any frontend user group to...
CVE-2026-46721 Broken Access Control in extension "Frontend User Registration" (sf_register)
The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...
TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-009...