1977 matches found
Zitadel - User Registration Bypass
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...
Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
The Simple User Registration plugin ≤ 6.3 is vulnerable to privilege escalation. It lacks proper restrictions on user meta values during registration. Unauthenticated attackers can exploit this to register as administrators. id: CVE-2025-4334 info: name: Simple User Registration = 6.3 -...
User Registration & Membership WordPress plugin - Open Redirect
User Registration & Membership WordPress plugin = 5.1.4 contains an open redirect caused by insufficient validation of 'redirecttoonlogout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL. id: CVE-2026-6203 info: name: User...
XWiki < 4.10.20 - Remote code execution
XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...
WordPress User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation
User Registration & Membership WordPress plugin = 5.1.2 contains an improper privilege management vulnerability caused by accepting user-supplied roles without server-side allowlist enforcement, letting unauthenticated attackers create administrator accounts id: CVE-2026-1492 info: name: WordPres...
EUVD-2026-39782
Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...
CVE-2026-52701
Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...
CVE-2026-52701
CVE-2026-52701 is an unauthenticated broken access control vulnerability affecting WordPress User Registration plugin versions
CVE-2026-52701 WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...
CVE-2026-1869
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...
WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass vulnerability
Missing Authorization to Unauthenticated Payment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.2.0...
EUVD-2026-39639
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...
WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by nobody09 in WordPress Plugin User Registration versions = 5.2.2...
EUVD-2026-37620
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...
EUVD-2026-37595
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...
CVE-2026-49081
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...
CVE-2026-40726
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...
CVE-2026-49081 WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...
CVE-2026-49081
The CVE-2026-49081 entry notes an Unauthenticated Broken Access Control in the WordPress User Registration Stripe plugin, affecting versions
CVE-2026-40726 WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...