User Registration & User Management System Security Vulnerabilities and Issues — User Registration & User Management System CVE List

Lucene search

User Registration & User Management System ProjectUser Registration & User Management System

4 matches found

CVE•added 2024/03/11 6:15 p.m.•63 views

CVE-2024-1290

The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.

6.5CVSS6.7AI score0.00403EPSS

CVE•added 2022/12/12 6:15 p.m.•49 views

CVE-2022-3912

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

7.5CVSS7.6AI score0.00218EPSS

CVE•added 2023/11/06 9:15 p.m.•49 views

CVE-2023-5228

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.7AI score0.00547EPSS

CVE•added 2022/12/05 8:15 p.m.•31 views

CVE-2022-43097

Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages.

5.4CVSS5.4AI score0.00152EPSS