101 matches found
CVE-2024-11293 Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient...
WordPress plugin Registration Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-10402
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2024-8246
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to se...
PT-2024-38888 · WordPress · The Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions
Name of the Vulnerable Software and Affected Versions: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress versions up to, and including, 2.8.11 Description: The vulnerability is due to the plugin not properly...
CVE-2024-6069
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregisterinstalladdon function in...
WordPress plugin Registration Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-37363 · WordPress · Registration Forms
Name of the Vulnerable Software and Affected Versions: The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress versions up to, and including, 3.8.3.4 Description: The issue allows authenticated...
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Impact A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript...
PT-2024-27123 · WordPress · Powerpack Pro For Elementor
Name of the Vulnerable Software and Affected Versions: PowerPack Pro for Elementor plugin for WordPress versions up to, and including, 2.10.17 Description: The issue is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possib...
PT-2024-27918 · WordPress · Spectra Pro
Name of the Vulnerable Software and Affected Versions: Spectra Pro plugin for WordPress versions up to and including 1.1.5 Description: The issue allows lower-privileged users to create registration forms and set the default role to administrator. This enables authenticated attackers with...
CVE-2024-4310
HubBank 1.0.2 is affected by a Cross-site Scripting (XSS) vulnerability in registration and profile forms due to insufficient input filtering/escaping. An attacker can deliver a crafted JavaScript payload that executes when an authenticated user loads the page, enabling session takeover. Affected...
HubBank 跨站脚本漏洞
HubBank is an app from HubBank, Inc. A cross-site scripting vulnerability exists in HubBank version 1.0.2, which stems from the lack of effective filtering and escaping of user-supplied data on registration and profile forms, and can be exploited by an attacker to execute arbitrary web script or...
PT-2024-30296 · Hubbank · Hubbank
Name of the Vulnerable Software and Affected Versions: HubBank version 1.0.2 Description: The issue is a Cross-site Scripting XSS vulnerability that allows an attacker to send a specially crafted JavaScript payload to registration and profile forms. This payload can be triggered when any...
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 5.3.1.0 - Authenticated (Subscriber+) Privilege Escalation
Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateusersrole function in all versions up to, and including, 5.3.0.0. This makes it...
CVE-2023-51509
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User...
CVE-2023-50846
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration,...
CVE-2023-50846
Mode C: CVE-2023-50846 affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (WordPress). The issue is an SQL Injection in RegistrationMagic up to version 5.2.4.5 caused by improper neutralization of user-controlled input. Impact is significant (high), ...
CVE-2023-47645
Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...