Description The plugin does not validate parameters supplied to the update_core_user() function, which could allow users to register an account with any role (such as administrator) when registering via the registration form of the plugin (ie the [charitable_registration] shortcode embed in a page/post)
CPE | Name | Operator | Version |
---|---|---|---|
eq | 1.7.0.13 |