Easy Registration Forms Security Vulnerabilities and Issues — Easy Registration Forms CVE List

Lucene search

EasyregistrationformsEasy Registration Forms

5 matches found

CVE•added 2023/02/27 4:15 p.m.•63 views

CVE-2023-0552

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability

5.4CVSS5.3AI score0.11681EPSS

CVE•added 2022/12/19 2:15 p.m.•44 views

CVE-2022-4024

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)

6.5CVSS6.6AI score0.00178EPSS

CVE•added 2020/11/04 5:15 p.m.•32 views

CVE-2020-22275

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.

8.8CVSS8.6AI score0.01048EPSS

CVE•added 2021/11/19 4:15 p.m.•31 views

CVE-2021-39353

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2...

8.8CVSS8.7AI score0.00086EPSS

CVE•added 2023/09/23 8:15 a.m.•30 views

CVE-2023-5134

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with sub...

4.3CVSS4.5AI score0.00142EPSS