← Back

Simplr Registration Form Plus+

simplr_registration_form_plus+

Vendor: Mikevanwinkle • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-4213
1Mikevanwinkle
1Simplr Registration Form Plus+
Apr 8, 2026
Sep 13, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, l...Show more
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.Show less