1969 matches found
User Registration & Membership WordPress plugin - Open Redirect
User Registration & Membership WordPress plugin = 5.1.4 contains an open redirect caused by insufficient validation of 'redirecttoonlogout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL. id: CVE-2026-6203 info: name: User...
Zitadel - User Registration Bypass
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...
WordPress User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation
User Registration & Membership WordPress plugin = 5.1.2 contains an improper privilege management vulnerability caused by accepting user-supplied roles without server-side allowlist enforcement, letting unauthenticated attackers create administrator accounts id: CVE-2026-1492 info: name: WordPres...
Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
The Simple User Registration plugin ≤ 6.3 is vulnerable to privilege escalation. It lacks proper restrictions on user meta values during registration. Unauthenticated attackers can exploit this to register as administrators. id: CVE-2025-4334 info: name: Simple User Registration = 6.3 -...
EUVD-2026-37620
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...
EUVD-2026-37595
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...
CVE-2026-49081
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...
CVE-2026-40726
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...
CVE-2026-49081 WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...
CVE-2026-49081
The CVE-2026-49081 entry notes an Unauthenticated Broken Access Control in the WordPress User Registration Stripe plugin, affecting versions
CVE-2026-40726 WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...
CVE-2026-40726
CVE-2026-40726 affects the WordPress plugin User Registration Stripe (versions
XWiki < 4.10.20 - Remote code execution
XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...
EUVD-2026-36911
Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...
CVE-2026-25425
Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...
CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...
CVE-2026-25425
CVE-2026-25425 concerns the WordPress plugin User Registration (versions ≤ 5.1.2). The connected sources confirm an Unauthenticated Broken Access Control vulnerability in this plugin, affecting its ability to restrict access to certain functions or data. The CVE entry explicitly lists the issue a...
CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...
PT-2026-49356
Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...
PT-2026-49114
Name of the Vulnerable Software and Affected Versions User Registration Stripe versions prior to 1.3.13 Description Unauthenticated broken access control allows unauthorized users to bypass security restrictions within the plugin. Recommendations Update to a version later than 1.3.12...