2 matches found
WordPress Omnishop plugin <= 1.0.9 - Missing Registration Restriction to Unauthenticated Account Creation via /users/register REST Endpoint vulnerability
Missing Registration Restriction to Unauthenticated Account Creation via /users/register REST Endpoint vulnerability discovered by ch4r0n in WordPress Plugin Omnishop versions = 1.0.9...
CVE-2025-6215
The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its /users/register endpoint is exposed to the public permissioncallback always returns true and invokes wpcreateuser unconditionally, ignoring the site’s...