2 matches found
CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...
CVE-2021-24654
CVE-2021-24654 affects the WordPress plugin User Registration (before 2.0.2). The vulnerability arises because user_registration_profile_pic_url is not properly sanitised when submitted via the user_registration_update_profile_details AJAX action, allowing any authenticated user (e.g., a subscrib...