CVE-2021-24654 – User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-24654

06 Sep 2021 — The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed El plugin User Registration de WordPress versiones anteriores a 2.0.2 no sanea correctamente el valor user_registration_profile_pic_url cuando se envía directamente por medio d... • https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •