
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4
Critical: 1
High: 0
Medium: 3

Showing 1-4 of 4 records

Threat Entry Updated 2025-05-09

CVE-2024-1290 - User Registration Forms Plugin

The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate and leak valid password reset URLs, which they can use to take over any account.

PLUGIN User Registration Forms

CVE-2024-1290

MEDIUM CVSS 6.5 2024-03-11
Threat Entry Updated 2024-11-21

CVE-2023-2297 - User Registration Forms Plugin

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 3.9.0. This is due to the plugin using native password reset functionality with insufficient validation in the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value, which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on…

PLUGIN User Registration Forms

CVE-2023-2297

CRITICAL CVSS 9.8 2023-04-27
Threat Entry Updated 2024-11-21

CVE-2023-0814 - User Registration Forms Plugin

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including, 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers with subscriber-level permissions and above to retrieve sensitive user meta that can be used to gain access to a high-privileged user account. Exploitation requires the Usermeta shortcode to be enabled.

PLUGIN User Registration Forms

CVE-2023-0814

MEDIUM CVSS 6.5 2023-02-14
Threat Entry Updated 2024-11-21

CVE-2022-0653 - User Registration Forms Plugin

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts into a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 3.6.1.

PLUGIN User Registration Forms

CVE-2022-0653

MEDIUM CVSS 6.1 2022-02-24