| CVE-2022-3384 | Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.2 | 2022-11-29 20:39:57 | Deep Dive |
| CVE-2022-3361 | Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2022-11-29 20:39:44 | Deep Dive |
| CVE-2021-36915 | WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability | Cozmoslabs | Profile Builder – User Profile & User Registration Forms (WordPress plugin) | Medium | 4.2 | 2022-10-11 19:34:00 | Deep Dive |
| CVE-2022-1208 | Ultimate Member <= 2.3.2 - Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2022-06-13 12:43:38 | Deep Dive |
| CVE-2022-1209 | Ultimate Member <= 2.3.1 - Arbitrary Redirect | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2022-05-10 19:34:42 | Deep Dive |
| CVE-2022-0884 | Profile Builder < 3.6.8 - Admin+ Stored Cross-Site Scripting | Unknown | Profile Builder – User Profile & User Registration Forms | 中危 | - | 2022-04-04 15:35:55 | Deep Dive |
| CVE-2022-0442 | UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override | Unknown | UsersWP – User Registration & User Profile | 中危 | - | 2022-03-07 08:16:45 | Deep Dive |
| CVE-2022-0420 | RegistrationMagic < 5.0.2.2 - Admin+ SQL Injection | Unknown | RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin | 高危 | - | 2022-03-07 08:16:33 | Deep Dive |
| CVE-2021-25034 | WP User < 7.0 - Reflected Cross-Site Scripting | Unknown | WP User – Custom Registration Forms, Login and User Profile | 中危 | - | 2022-02-28 09:06:32 | Deep Dive |
| CVE-2022-0653 | Profile Builder – User Profile & User Registration Forms <= 3.6.1 Reflected Cross-Site Scripting | Cozmoslabs | Profile Builder – User Profile & User Registration Forms | Medium | 6.1 | 2022-02-24 18:27:05 | Deep Dive |
| CVE-2021-25076 | WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting | Unknown | WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress | 高危 | - | 2022-01-24 08:01:24 | Deep Dive |
| CVE-2022-0232 | User Registration, Login & Landing Pages – LeadMagic <= 1.2.7 Admin+ Stored Cross-Site Scripting | User Registration, Login & Landing Pages – LeadMagic | User Registration, Login & Landing Pages – LeadMagic | Medium | 4.8 | 2022-01-18 16:52:25 | Deep Dive |
| CVE-2021-24862 | RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection | Unknown | RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin | 高危 | - | 2022-01-10 15:30:30 | Deep Dive |
| CVE-2021-24955 | ProfilePress < 3.2.3 - Reflected Cross-Site Scripting | Unknown | User Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar) | 中危 | - | 2021-12-13 10:41:29 | Deep Dive |
| CVE-2021-24954 | ProfilePress < 3.2.3 - Reflected Cross-Site Scripting | Unknown | User Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar) | 中危 | - | 2021-12-13 10:41:28 | Deep Dive |
| CVE-2021-24731 | Pie Register < 3.7.1.6 - Unauthenticated SQL Injection | Unknown | Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes | 超危 | - | 2021-11-08 17:35:16 | Deep Dive |
| CVE-2021-24647 | Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login | Unknown | Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes | 高危 | - | 2021-11-08 17:34:57 | Deep Dive |
| CVE-2021-24654 | User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting | Unknown | User Registration – Custom Registration Form, Login And User Profile For WordPress | 中危 | - | 2021-10-04 11:20:17 | Deep Dive |
| CVE-2021-24527 | Profile Builder < 3.4.9 - Admin Access via Password Reset | Unknown | User Registration & User Profile – Profile Builder | 超危 | - | 2021-08-16 10:48:27 | Deep Dive |
| CVE-2021-24522 | ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget | Unknown | User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) | 中危 | - | 2021-08-09 10:04:15 | Deep Dive |