User registration & user profile – UserPlus, CVE-2023-0824

CVE, Research URL: CVE-2023-0824
Home page URL: Security reports for User registration & user profile – UserPlus
Application: User registration & user profile – UserPlus
Published on: Jan 16, 2024
Research Description: The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.
Affected versions: Min -, max 2.0.
Status: vulnerable

User registration &amp; user profile – UserPlus, CVE-2023-0824