Lucene search
K

1994 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43284

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

8.1CVSS6.1AI score0.00132EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-11963

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

8.1CVSS0.00132EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday25 views

Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation

The Simple User Registration plugin ≤ 6.3 is vulnerable to privilege escalation. It lacks proper restrictions on user meta values during registration. Unauthenticated attackers can exploit this to register as administrators. id: CVE-2025-4334 info: name: Simple User Registration = 6.3 -...

9.8CVSS6.1AI score0.02055EPSS
Exploits5References1
Nuclei
Nuclei
added yesterday10 views

User Registration & Membership WordPress plugin - Open Redirect

User Registration & Membership WordPress plugin = 5.1.4 contains an open redirect caused by insufficient validation of 'redirecttoonlogout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL. id: CVE-2026-6203 info: name: User...

6.1CVSS6.1AI score0.00663EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday67 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7AI score0.02572EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday44 views

WordPress User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation

User Registration & Membership WordPress plugin = 5.1.2 contains an improper privilege management vulnerability caused by accepting user-supplied roles without server-side allowlist enforcement, letting unauthenticated attackers create administrator accounts id: CVE-2026-1492 info: name: WordPres...

9.8CVSS7.1AI score0.25532EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57423

Name of the Vulnerable Software and Affected Versions Genolve – AI image AI video generation plugin for WordPress versions prior to 5.0.6 Description Authenticated attackers with Contributor-level access and above can perform unauthorized modification of data. This is caused by a missing capabili...

8.8CVSS6.2AI score0.00308EPSS
Exploits0References7
NVD
NVD
added 6 days ago9 views

CVE-2026-14250

The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handlefrontendregister function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled 'role' parameter and...

6.3CVSS0.00209EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 6:16 a.m.7 views

CVE-2026-11965

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

6.5CVSS0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 6:0 a.m.41 views

CVE-2026-11965 User Registration & Membership < 5.2.0 - Unauthenticated Paid Membership Bypass

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 6:0 a.m.8 views

EUVD-2026-41255

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-13568

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS0.00278EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 2:16 p.m.9 views

CVE-2026-13570

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...

5.1CVSS0.00191EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:15 p.m.7 views

CVE-2026-13570

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/29 1:15 p.m.21 views

CVE-2026-13570

The CVE-2026-13570 entry concerns SourceCodester Inventory Management System 1.0 and affects the User Registration Endpoint, specifically the /api/users_handler.php function where manipulating the full_name parameter leads to cross-site scripting. The vulnerability is exploitable remotely, with p...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 12:45 p.m.44 views

CVE-2026-13568 SourceCodester Inventory Management System User Registration Endpoint users_handler.php access control

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS0.00278EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 12:45 p.m.9 views

EUVD-2026-40088

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.119 views

XWiki < 4.10.20 - Remote code execution

XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...

10CVSS8.1AI score0.9348EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 3:32 p.m.7 views

EUVD-2026-39782

Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-52701

Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...

6.5CVSS0.00194EPSS
Exploits0References1
Rows per page
Query Builder