Lucene search
WPScanCVE-2024-1290HistoryMar 11, 2024 - 6:15 p.m.
CVE-2024-1290
2024-03-1118:15:18
WPScan
web.nvd.nist.gov
33
cve-2024-1290
wordpress
plugin
user registration
security vulnerability
contributor role
shortcode
password reset
account takeover
The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.
Affected configurations
Node
wpeverestuser_registrationRange<2.12wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpeverest | user_registration | * | cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "User Registration",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.12"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
wpexploit
wpexploit
nvd
nvd
CVE-2024-1290
2024-03-11 18:15:18
prion
prion
Design/Logic Flaw
2024-03-11 18:15:00
vulnrichment
vulnrichment
wpvulndb
wpvulndb
wordfence
wordfence