72 matches found
CVE-2021-24527
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such...
PT-2025-19903
Name of the Vulnerable Software and Affected Versions User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions prior to 4.2.2 Description The issue is related to an Insecure Direct Object Reference in the create stripe subscription...
CVE-2025-2594
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...
CVE-2025-2594
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...
PT-2025-17488 · WordPress · User Registration & Membership
Name of the Vulnerable Software and Affected Versions: User Registration & Membership WordPress plugin version 4.1.2 and earlier Description: The issue concerns the User Registration & Membership WordPress plugin, where data in an AJAX action is not properly validated when the Membership Addon is...
CVE-2025-3284 User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the userregistrationprodeleteaccount...
WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ayato Shitomi @ Fore-Z co.ltd in WordPress Plugin User Registration versions = 4.0.3...
WordPress plugin User Registration 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress User Registration plugin <= 4.0.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin User Registration versions = 4.0.4...
CVE-2025-1511
CVE-2025-1511 refers to a Reflected Cross-Site Scripting vulnerability in the WordPress plugin “User Registration & Membership – Custom Registration Form, Login Form, and User Profile” affecting all versions up to 4.0.4. The Red Hat entry corroborates that the flaw arises from insufficient input ...
WordPress plugin User Registration 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-10508 RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updati...
PT-2024-20306 · WordPress · User Registration – Custom Registration Form
Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5 Description: The issue is related to a missing capability check on the form save action function, allowing...
$2,063 Bounty Awarded for Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin
🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On March 9th, 2024, during our second Bug Bounty Extravaganza, we...
CVE-2023-27459 WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1...
CVE-2024-1290
The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts...
PT-2024-17787 · WordPress · User Registration
Name of the Vulnerable Software and Affected Versions: User Registration WordPress plugin versions prior to 2.12 Description: The issue allows users with at least the contributor role to render sensitive shortcodes, which can be used to generate and leak valid password reset URLs. This enables th...
CVE-2024-1720
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping...
CVE-2023-5228 User Registration < 3.0.4.2 - Admin+ Stored XSS
The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3342
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...