2 matches found
CVE-2024-3295
CVE-2024-3295 affects the WordPress plugin User Registration – Custom Registration Form, Login Form, and User Profile, with vulnerable versions up to 3.1.5. The issue is a missing capability check in profile_pic_remove, enabling unauthenticated attackers to delete media files. The CVE entry is su...
WordPress User Registration Plugin <= 3.1.5 is vulnerable to Broken Access Control
Software User Registration Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3295 Patch priority Medium CVSS severity Medium 6.5 Developer Masteriyo PSID 0a09ce75cc11 Credits wesley wcraft Required...