The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed
[
{
"product": "User Registration – Custom Registration Form, Login And User Profile For WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.2",
"status": "affected",
"version": "2.0.2",
"versionType": "custom"
}
]
}
]