CVE-2021-24654

CVE-2021-24654: User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting

Vendor: Unknown
Product: User Registration – Custom Registration Form, Login And User Profile For WordPress
Weakness: CWE-79 · XSS
Published: October 4, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when it is submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks when their profile is viewed.

Key dates

02 Disclosure timeline

October 4, 2021: CVE published
August 3, 2024: Record updated