cleantalk
Vulnerabilities and Security Researches

Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten, CVE-2022-4024

CVE, Research URL

CVE-2022-4024

Home page URL

Security reports for Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten

Application

Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten

Published on
Dec 19, 2022
Research Description
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)
Affected versions
Min 2.0.14, max 2.0.15.
Status
vulnerable
Previous vulnerability researches
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten (CVE-2026-24577) , Jan 27, 2026
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten (CVE-2024-13818) , Feb 23, 2025
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten (CVE-2024-6069) , Jul 10, 2024
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten (CVE-2015-7682) , Jun 07, 2024
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Conten (CVE-2015-7377) , Jun 07, 2024
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026