| CVE-2024-5149 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.5 | 2024-06-05 04:32:25 | Deep Dive |
| CVE-2024-1991 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:59 | Deep Dive |
| CVE-2024-1990 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:52 | Deep Dive |
| CVE-2024-1158 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 4.3 | 2024-03-13 15:26:35 | Deep Dive |
| CVE-2024-1170 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 8.2 | 2024-03-07 11:01:58 | Deep Dive |
| CVE-2024-1169 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 7.5 | 2024-03-07 11:01:58 | Deep Dive |
| CVE-2024-0324 | User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | High | 8.2 | 2024-02-05 21:21:37 | Deep Dive |
| CVE-2023-51509 | WordPress RegistrationMagic Plugin <= 5.2.4.1 is vulnerable to Cross Site Scripting (XSS) | Metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 7.1 | 2024-02-01 11:24:54 | Deep Dive |
| CVE-2023-6504 | Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 4.3 | 2024-01-11 08:33:09 | Deep Dive |
| CVE-2023-50846 | WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection | RegistrationMagic | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 7.6 | 2023-12-28 18:19:26 | Deep Dive |
| CVE-2023-47645 | WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) | RegistrationMagic | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 4.3 | 2023-11-30 13:34:47 | Deep Dive |
| CVE-2023-47669 | WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF) | Cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 5.4 | 2023-11-13 00:55:28 | Deep Dive |
| CVE-2023-5134 | Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode | easyregistrationforms | Easy Registration Forms | Medium | 4.3 | 2023-09-23 07:34:02 | Deep Dive |
| CVE-2022-4888 | Multiple Plugins from Addify - Multiple CSRF | Unknown | Checkout Fields Manager | Medium | - | 2023-07-31 09:37:33 | Deep Dive |
| CVE-2023-2548 | RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 6.6 | 2023-05-16 08:40:02 | Deep Dive |
| CVE-2023-2499 | RegistrationMagic <= 5.2.1.0 - Authentication Bypass | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Critical | 9.8 | 2023-05-16 08:40:01 | Deep Dive |
| CVE-2023-2297 | Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Critical | 9.8 | 2023-04-26 23:30:18 | Deep Dive |
| CVE-2022-38971 | WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS) | ThemeKraft | Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions | Medium | 4.7 | 2023-03-16 08:49:16 | Deep Dive |
| CVE-2023-0552 | Pie Register < 3.8.2.3 - Open Redirect | Unknown | Registration Forms | Medium | - | 2023-02-27 15:24:31 | Deep Dive |
| CVE-2023-0814 | Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.5 | 2023-02-14 01:13:13 | Deep Dive |