cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security research for wp-register-profile-with-shortcode

Jun 06, 2024

WP Register Profile With Shortcode # CVE-2023-23818

CVE, Research URL

CVE-2023-23818

Date
Jun 12, 2023
Research Description
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions.
Affected versions
Min -, max -.
Status
vulnerable

WP Register Profile With Shortcode # CVE-2023-5448

CVE, Research URL

CVE-2023-5448

Date
Jan 11, 2024
Research Description
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user's password via a forged request, granted they can trick the user into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

Jun 22, 2025

WP Register Profile With Shortcode # CVE-2025-50042

CVE, Research URL

CVE-2025-50042

Date
Jun 20, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode allows Stored XSS. This issue affects WP Register Profile With Shortcode: from n/a through 3.6.1.
Affected versions
Min -, max -.
Status
vulnerable

Jul 13, 2025

WP Register Profile With Shortcode # CVE-2025-4593

CVE, Research URL

CVE-2025-4593

Date
Jul 11, 2025
Research Description
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data from user meta like hashed passwords, usernames, and more.
Affected versions
Min -, max -.
Status
vulnerable