Lucene search
K

27 matches found

Cvelist
Cvelist
added 2025/11/08 3:27 a.m.5 views

CVE-2025-12353 WPFunnels <= 3.6.2 - Unauthorized User Registration

The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value...

5.3CVSS0.00219EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-53997

Malicious code in bioql PyPI...

5.3CVSS9.2AI score0.00258EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-13387

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.0024EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:55 a.m.10 views

CVE-2024-4875

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajaxdismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...

4.3CVSS6.4AI score0.00755EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/08 2:25 a.m.19 views

CVE-2025-3609

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...

5.3CVSS6.4AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2025/05/06 3:15 a.m.15 views

CVE-2025-3609

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...

5.3CVSS0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/06 1:42 a.m.10 views

CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...

5.3CVSS8.5AI score0.0024EPSS
Exploits0References2
CVE
CVE
added 2025/05/06 1:42 a.m.65 views

CVE-2025-3609

CVE-2025-3609: Reales WP STPT for WordPress allows unauthenticated user registration via the reales_user_signup_form AJAX action in all versions up to 2.1.2, due to a missing check on whether user registration is enabled. Root cause is the action not verifying the registration state before creati...

5.3CVSS6.7AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/06 1:42 a.m.20 views

CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'realesusersignupform' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...

5.3CVSS0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.4 views

PT-2025-19823 · WordPress · Reales Wp Stpt

Name of the Vulnerable Software and Affected Versions: Reales WP STPT plugin for WordPress versions up to and including 2.1.2 Description: The issue allows unauthorized user registration due to the 'reales user signup form' AJAX action not checking if user registration is enabled before registeri...

5.3CVSS6.2AI score0.0024EPSS
Exploits0References9
CVE
CVE
added 2025/03/05 8:21 a.m.71 views

CVE-2024-8682

CVE-2024-8682 affects JNews theme for WordPress (versions up to and including 11.6.6). The vulnerability allows unauthenticated users to register as site users because register_handler() does not adequately validate if user registration is enabled before creating a user. Impact is unauthorized us...

5.3CVSS7AI score0.00258EPSS
Exploits1References2
CVE
CVE
added 2024/11/21 6:49 a.m.68 views

CVE-2024-10393

CVE-2024-10393 affects the WordPress Tutor LMS plugin, vulnerable in versions

5.3CVSS5.2AI score0.00563EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/11/05 12:51 p.m.7 views

Unauthorized User Registration Bypass

github.com/zitadel/zitadel is vulnerable to unauthorized user registration bypass. This vulnerability is due to a missing security check when the "User Registration allowed" option is disabled, which hides the registration button but does not block direct access to the registration URL...

7.5CVSS6.6AI score0.02572EPSS
Exploits0References15Affected Software1
CVE
CVE
added 2024/10/25 2:22 p.m.118 views

CVE-2024-49757

Zitadel contains a user-registration bypass in versions prior to 2.64.0 (and 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, 2.58.7) due to a missing security check. Administrators can disable self-registration (via the UI) but attackers could still register by navigating directly to /ui/login/loginname,...

7.5CVSS7.3AI score0.02572EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2024/09/13 3:15 p.m.29 views

CVE-2024-8269

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

7.3CVSS0.00382EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/13 3:10 p.m.20 views

CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

7.3CVSS0.00382EPSS
Exploits0References4
CVE
CVE
added 2024/09/13 3:10 p.m.77 views

CVE-2024-8269

CVE-2024-8269 – MStore API (WordPress) is an unauthenticated vulnerability in the MStore API plugin (WordPress) affecting versions up to 4.15.3. The issue arises because register() does not verify that user registration is enabled, allowing unauthenticated attackers to create user accounts on sit...

7.3CVSS6.5AI score0.00382EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/13 3:10 p.m.21 views

CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the...

7.3CVSS6.5AI score0.00382EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/09/13 6:16 a.m.6 views

WordPress MStore API plugin <= 4.15.3 - Unauthorized User Registration vulnerability

Unauthorized User Registration vulnerability discovered by wesley wcraft in WordPress Plugin MStore API versions = 4.15.3...

7.3CVSS7AI score0.00382EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/07/02 11:15 a.m.50 views

CVE-2024-6088

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...

5.3CVSS0.0062EPSS
Exploits0References4
Rows per page
Query Builder