CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27459 – WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-27459
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. Vulnerabilidad de deserialización de datos no confiables en el registro de usuarios de WPeverest. Este problema afecta el registro de usuarios: desde n/a hasta 2.3.2.1. The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3.2.1 via deserialization of untrusted input in the following functions: ur_get_user_extra_fields, user_registration_form_field. This allows subscriber-level attackers to inject a PHP Object. • https://patchstack.com/database/vulnerability/user-registration/wordpress-user-registration-plugin-2-3-2-1-authenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43097
https://notcve.org/view.php?id=CVE-2022-43097
Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages. Phpgurukul User Registration & User Management System v3.0 contiene múltiples vulnerabilidades de cross site scripting (XSS) almacenado a través de los parámetros firstname y lastname del formulario de registro y de páginas de inicio de sesión. • https://github.com/nibin-m/CVE-2022-43097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23051
https://notcve.org/view.php?id=CVE-2020-23051
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields. Se ha detectado que Phpgurukul User Registration & User Management System versión v2.0, contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) almacenado por medio de los parámetros firstname y lastname de los campos de entrada registration form y loginsystem • https://www.vulnerability-lab.com/get_content.php?id=2216 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26766
https://notcve.org/view.php?id=CVE-2020-26766
A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1. Se presenta una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en la página loginsystem en PHPGurukul User Registration & Login and User Management System With Admin Panel versión 2.1 • https://www.exploit-db.com/exploits/49180 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-24723
https://notcve.org/view.php?id=CVE-2020-24723
Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en la página de Registro del panel de administración en PHPGurukul User Registration & Login and User Management System With admin panel versión 2.1 • https://phpgurukul.com https://systemweakness.com/cve-2020-24723-89ea76588286 https://th3cyb3rc0p.medium.com/cve-2020-24723-89ea76588286 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •