cleantalk
Vulnerabilities and Security Researches

WP Register Profile With Shortcode, CVE-2025-4593

CVE, Research URL

CVE-2025-4593

Home page URL

Security reports for WP Register Profile With Shortcode

Application

WP Register Profile With Shortcode

Published on
Jul 11, 2025
Research Description
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data from user meta like hashed passwords, usernames, and more.
Affected versions
Min -, max 3.6.3.
Status
vulnerable
Previous vulnerability researches
Store Hours for WooCommerce (CVE-2024-8872) , Sep 28, 2024
New vulnerability
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025
Content Egg (CVE-2025-47536) , Aug 02, 2025
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Realtyna Organic IDX plugin + WPL Real Estate (CVE-2025-54052) , Aug 02, 2025