CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27459 – WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-27459
21 Mar 2023 — Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. Vulnerabilidad de deserialización de datos no confiables en el registro de usuarios de WPeverest. Este problema afecta el registro de usuarios: desde n/a hasta 2.3.2.1. The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3.2.1 via deserialization of untrusted input in the following functions: ur_get_use... • https://patchstack.com/database/vulnerability/user-registration/wordpress-user-registration-plugin-2-3-2-1-authenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23987 – WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23987
20 Jan 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions. The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via field settings in versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses ... • https://patchstack.com/database/vulnerability/user-registration/wordpress-user-registration-custom-registration-form-login-form-and-user-profile-for-wordpress-plugin-2-3-0-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3912 – User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-3912
21 Nov 2022 — The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example. El complemento User Registration de WordPress anterior a 2.2.4.1 no restringe adecuadamente los archivos que se cargarán mediante una acción AJAX disponible para usuarios autenticados y no autenticados, lo que podría permitir a los usuarios no autenticado... • https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24654 – User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24654
06 Sep 2021 — The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed El plugin User Registration de WordPress versiones anteriores a 2.0.2 no sanea correctamente el valor user_registration_profile_pic_url cuando se envía directamente por medio d... • https://wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •