Lucene search
+L

101 matches found

Cvelist
Cvelist
added 2024/12/04 7:32 a.m.25 views

CVE-2024-11293 Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient...

8.1CVSS0.00517EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.6 views

WordPress plugin Registration Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS8.5AI score0.00517EPSS
Exploits0References3
OSV
OSV
added 2024/10/26 12:15 p.m.5 views

CVE-2024-10402

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-leve...

8.8CVSS5.8AI score0.00512EPSS
Exploits0References2
OSV
OSV
added 2024/09/14 4:15 a.m.6 views

CVE-2024-8246

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to se...

8.8CVSS5.8AI score0.00431EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.8 views

PT-2024-38888 · WordPress · The Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions

Name of the Vulnerable Software and Affected Versions: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress versions up to, and including, 2.8.11 Description: The vulnerability is due to the plugin not properly...

8.8CVSS6.5AI score0.00431EPSS
Exploits0References11
NVD
NVD
added 2024/07/09 9:15 a.m.30 views

CVE-2024-6069

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregisterinstalladdon function in...

8.8CVSS0.00631EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.4 views

WordPress plugin Registration Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS6.7AI score0.00631EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.9 views

PT-2024-37363 · WordPress · Registration Forms

Name of the Vulnerable Software and Affected Versions: The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress versions up to, and including, 3.8.3.4 Description: The issue allows authenticated...

8.8CVSS7.1AI score0.00631EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/06/12 7:40 p.m.41 views

WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms

Impact A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript...

5.4CVSS5.3AI score0.00483EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/07 12:0 a.m.7 views

PT-2024-27123 · WordPress · Powerpack Pro For Elementor

Name of the Vulnerable Software and Affected Versions: PowerPack Pro for Elementor plugin for WordPress versions up to, and including, 2.10.17 Description: The issue is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possib...

8.8CVSS6.4AI score0.00431EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.6 views

PT-2024-27918 · WordPress · Spectra Pro

Name of the Vulnerable Software and Affected Versions: Spectra Pro plugin for WordPress versions up to and including 1.1.5 Description: The issue allows lower-privileged users to create registration forms and set the default role to administrator. This enables authenticated attackers with...

8.8CVSS7AI score0.00563EPSS
Exploits0References3
CVE
CVE
added 2024/04/29 12:35 p.m.78 views

CVE-2024-4310

HubBank 1.0.2 is affected by a Cross-site Scripting (XSS) vulnerability in registration and profile forms due to insufficient input filtering/escaping. An attacker can deliver a crafted JavaScript payload that executes when an authenticated user loads the page, enabling session takeover. Affected...

6.3CVSS5.7AI score0.00293EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.7 views

HubBank 跨站脚本漏洞

HubBank is an app from HubBank, Inc. A cross-site scripting vulnerability exists in HubBank version 1.0.2, which stems from the lack of effective filtering and escaping of user-supplied data on registration and profile forms, and can be exploited by an attacker to execute arbitrary web script or...

6.3CVSS5.9AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.11 views

PT-2024-30296 · Hubbank · Hubbank

Name of the Vulnerable Software and Affected Versions: HubBank version 1.0.2 Description: The issue is a Cross-site Scripting XSS vulnerability that allows an attacker to send a specially crafted JavaScript payload to registration and profile forms. This payload can be triggered when any...

6.3CVSS5.9AI score0.00293EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/03/14 12:0 a.m.19 views

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 5.3.1.0 - Authenticated (Subscriber+) Privilege Escalation

Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateusersrole function in all versions up to, and including, 5.3.0.0. This makes it...

8.8CVSS6.8AI score0.00891EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/01 12:15 p.m.8 views

CVE-2023-51509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User...

6.1CVSS5.8AI score0.00351EPSS
Exploits0References1
Prion
Prion
added 2024/02/01 12:15 p.m.21 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User...

5.8CVSS7.2AI score0.00351EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/28 7:15 p.m.8 views

CVE-2023-50846

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration,...

7.2CVSS7.3AI score0.00529EPSS
Exploits0References1
CVE
CVE
added 2023/12/28 6:19 p.m.60 views

CVE-2023-50846

Mode C: CVE-2023-50846 affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (WordPress). The issue is an SQL Injection in RegistrationMagic up to version 5.2.4.5 caused by improper neutralization of user-controlled input. Impact is significant (high), ...

7.6CVSS7.8AI score0.00529EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/30 2:15 p.m.6 views

CVE-2023-47645

Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...

8.8CVSS7.3AI score
Exploits0References1
Rows per page
Query Builder