2 matches found
CVE-2023-3343
The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP...
CVE-2023-3343
The CVE-2023-3343 issue affects the WordPress User Registration plugin (versions up to 3.0.1). It enables PHP Object Injection through deserialization of untrusted input from the profile-pic-url parameter. Exploitation requires authenticated access at subscriber level or higher; a successful atta...