27 matches found
CVE-2025-12353 WPFunnels <= 3.6.2 - Unauthorized User Registration
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value...
EUVD-2024-53997
Malicious code in bioql PyPI...
EUVD-2025-13387
Malicious code in bioql PyPI...
CVE-2024-4875
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajaxdismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...
CVE-2025-3609
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...
CVE-2025-3609
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...
CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...
CVE-2025-3609
CVE-2025-3609: Reales WP STPT for WordPress allows unauthenticated user registration via the reales_user_signup_form AJAX action in all versions up to 2.1.2, due to a missing check on whether user registration is enabled. Root cause is the action not verifying the registration state before creati...
CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...
PT-2025-19823 · WordPress · Reales Wp Stpt
Name of the Vulnerable Software and Affected Versions: Reales WP STPT plugin for WordPress versions up to and including 2.1.2 Description: The issue allows unauthorized user registration due to the 'reales user signup form' AJAX action not checking if user registration is enabled before registeri...
CVE-2024-8682
CVE-2024-8682 affects JNews theme for WordPress (versions up to and including 11.6.6). The vulnerability allows unauthenticated users to register as site users because register_handler() does not adequately validate if user registration is enabled before creating a user. Impact is unauthorized us...
CVE-2024-10393
CVE-2024-10393 affects the WordPress Tutor LMS plugin, vulnerable in versions
Unauthorized User Registration Bypass
github.com/zitadel/zitadel is vulnerable to unauthorized user registration bypass. This vulnerability is due to a missing security check when the "User Registration allowed" option is disabled, which hides the registration button but does not block direct access to the registration URL...
CVE-2024-49757
Zitadel contains a user-registration bypass in versions prior to 2.64.0 (and 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, 2.58.7) due to a missing security check. Administrators can disable self-registration (via the UI) but attackers could still register by navigating directly to /ui/login/loginname,...
CVE-2024-8269
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...
CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...
CVE-2024-8269
CVE-2024-8269 – MStore API (WordPress) is an unauthenticated vulnerability in the MStore API plugin (WordPress) affecting versions up to 4.15.3. The issue arises because register() does not verify that user registration is enabled, allowing unauthenticated attackers to create user accounts on sit...
CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...
WordPress MStore API plugin <= 4.15.3 - Unauthorized User Registration vulnerability
Unauthorized User Registration vulnerability discovered by wesley wcraft in WordPress Plugin MStore API versions = 4.15.3...
CVE-2024-6088
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...