CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49217 – WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-49217
Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1. The Adding drop down roles in registration plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1. This is due to the plugin not properly restricting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrator. • https://patchstack.com/database/vulnerability/user-drop-down-roles-in-registration/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52209 – WordPress WPForms User Registration plugin <= 2.1.0 - Authenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-52209
Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0. The WPForms User Registration plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.1.0. This is due to a missing capability check when adding a role option to a form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a form that allows them to register as a higher privileged user. • https://patchstack.com/database/vulnerability/wpforms-user-registration/wordpress-wpforms-user-registration-plugin-2-1-0-authenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46202 – WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46202
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Jeff Sherk Auto Login New User After Registration en versiones <= 1.9.6. The Auto Login New User After Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the alnuar_auto_login_new_user_after_registration_options function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46201 – WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46201
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a through 1.9.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jeff Sherk Auto Login New User After Registration permite almacenar XSS. Este problema afecta Auto Login New User After Registration: desde n/a hasta 1.9.6. The Auto Login New User After Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alnuar_auto_login_new_user_after_registration_redirect' parameter in all versions up to, and including, 1.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-csrf-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40851
https://notcve.org/view.php?id=CVE-2023-40851
Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page. Vulnerabilidad de Cross Site Scripting (XSS) en Phpgurukul User Registration & Login y User Management System con el panel de administración 3.0 permite a los atacantes ejecutar código arbitrario a través de los campos fname, lname, correo electrónico y contacto de la página de registro de usuario. • https://www.exploit-db.com/exploits/51694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •