2 matches found
CVE-2025-3281 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the createstripesubscription function, due to missing validation on the 'memberid' use...
WordPress User Registration plugin <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability
Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability discovered by wesley wcraft in WordPress Plugin User Registration versions = 4.2.1...