← Back

Wp Register Profile With Shortcode

wp_register_profile_with_shortcode

Vendor: Aviplugins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-5448
1Aviplugins
1Wp Register Profile With Shortcode
Jun 17, 2026
Jan 11, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password...Show more
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user's password via a forged request granted they can trick the user into performing an action such as clicking on a link.Show less
CVE-2023-23818
1Aviplugins
1Wp Register Profile With Shortcode
Jun 17, 2026
Jun 12, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions.