User Registration Security Vulnerabilities and Issues — User Registration CVE List

Lucene search

WpeverestUser Registration

4 matches found

CVE•added 2023/07/13 3:15 a.m.•104 views

CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-l...

9.9CVSS9.5AI score0.03345EPSS

CVE•added 2023/07/13 3:15 a.m.•70 views

CVE-2023-3343

The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Obj...

8.8CVSS8.8AI score0.00311EPSS

CVE•added 2023/11/06 9:15 p.m.•49 views

CVE-2023-5228

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.7AI score0.00547EPSS

CVE•added 2023/04/06 6:15 a.m.•38 views

CVE-2023-23987

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin

5.9CVSS4.9AI score0.00058EPSS