CVE-2025-49947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...

CVE-2025-49947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...

CVE-2025-60211 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through = 3.2.3...

CVE-2025-60211

CVE-2025-60211 concerns an Incorrect Privilege Assignment vulnerability in the WordPress plugin extendons-registration-fields (WooCommerce Registration Fields Plugin - Custom Signup Fields). The issue arises from improper privilege assignment, enabling privilege escalation. Affected are the plugi...

CVE-2025-49947

CVE-2025-49947 relates to the WordPress plugin extendons-registration-fields (WooCommerce Registration Fields Plugin – Custom Signup Fields). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation, applicable to versions u...

CVE-2025-49947 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...

CVE-2025-49947 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...

EUVD-2022-3077

Malicious code in bioql PyPI...

WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability

WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin = 3.2.3 - Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Registration Fields Plugin - Custom Signup Fields versions = 3.2.3...

CVE-2022-29172

Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...

Design/Logic Flaw

Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields� feature is configured, a malicious actor can inject invalidated HTML co...

CVE-2022-29172 HTML injection with additional signup fields

Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...

CVE-2022-29172 HTML injection with additional signup fields

Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...

CVE-2022-29172

Auth0 Lock (auth0-lock) vulnerability CVE-2022-29172 affects versions before 11.33.0 where the “additional signup fields” feature allows HTML injection into the fields, storing invalid HTML in the user metadata payload (name property). This can cause a crafted link to render HTML in the recipient...

PT-2022-2605 · Auth0 · Auth0

Name of the Vulnerable Software and Affected Versions: Auth0 versions prior to 11.33.0 Description: The issue is related to the "additional signup fields" feature in Auth0, where a malicious actor can inject invalidated HTML code into these fields, which is then stored in the service user metdata...