30 matches found
CVE-2026-5193 Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' rol...
CVE-2026-5193
Vulnerability summary (CVE-2026-5193) : The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is susceptible to privilege escalation in all versions up to and including 6.5.13. The root cause is insufficient role validation in the register_user function, ...
CVE-2026-23461 Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user After commit ab4eedb790ca "Bluetooth: L2CAP: Fix corrupted list in hci_chan_del", l2cap_conn_del uses conn->lock to protect access to conn->users. However, l2cap_register_user a...
PT-2026-30155
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A flaw exists in the Linux kernel's Bluetooth L2CAP implementation, specifically within the l2cap_unregister_user function. A race condition occurs because l2cap_register_user and l2cap...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992432)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992432 advisory. In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper With special lengths supplied by user space,...
CVE-2023-1687
A vulnerability classified as problematic has been found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file LoginRegistration.php?a=register_user. The manipulation of the argument Fullname leads to cross site scripting. It is possible to launch the...
CVE-2025-2228
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 via the 'register_user' function. This makes it possible for authenticated attackers, with...
WordPress plugin Responsive Addons for Elementor Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
WordPress Realteo plugin <= 1.2.8 - Authentication Bypass via 'do_register_user' vulnerability
Authentication Bypass via 'do_register_user' vulnerability discovered by Tonn in WordPress Plugin Realteo versions <= 1.2.8...
CVE-2024-6425
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=&Password=&ConfirmPassword="...
CVE-2024-6418
A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
PT-2024-9989 · WordPress · Vibebp
Name of the Vulnerable Software and Affected Versions: VibeBP versions 1.9.9.4.1 and earlier Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation. This vulnerability is associated with the vibebp register user function in the...
CVE-2024-2409
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the register_user function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for...
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...
CVE-2023-1690
A vulnerability, which was classified as problematic, has been found in SourceCodester Earnings and Expense Tracker App 1.0. This issue affects some unknown processing of the file LoginRegistration.php?a=register_user. The manipulation of the argument fullname leads to cross site scripting. The...
PT-2023-17170 · Sourcecodester · Sourcecodester Simple Task Allocation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Task Allocation System version 1.0 Description: A problematic issue has been discovered, allowing for cross-site scripting through the manipulation of the Fullname argument in the "LoginRegistration.php?a=register_user"...
Dating Bar App Has Logic Flaws
Dating App is a dating platform. There is a logic vulnerability in Dating Bar APP. An attacker can register any user and reset any password by grabbing packets and blasting through the forget password function...
SQL Injection Via Mailbox
genix/cms is susceptible to SQL injection attacks. The vulnerability is possible because it allows attackers to register a new user with a chosen ID using a request such as register.php?act=edit=1...
WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection
WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection Exploit Title: Ultimate Product Catalogue 4.2.2 Sql Injection – Plugin WordPress – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/ Software Link:...
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection 1 Exploit Title: WP Private Messages 1.0.1 – Plugin WordPress – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/wp-private-messages/ Software Link: https://wordpress.org/plugins/wp-private-messages...