| CVE-2024-11817 | PHPGurukul User Registration & Login and User Management System index.php sql injection | PHPGurukul | User Registration & Login and User Management System | High | 7.3 | 2024-11-26 23:00:10 | Deep Dive |
| CVE-2024-10528 | Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2024-11-21 05:33:49 | Deep Dive |
| CVE-2024-8519 | Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2024-10-04 02:32:23 | Deep Dive |
| CVE-2024-8520 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2024-10-04 02:32:22 | Deep Dive |
| CVE-2024-6069 | Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation | genetechproducts | Pie Register – User Registration, Profiles & Content Restriction | High | 8.8 | 2024-07-09 08:33:11 | Deep Dive |
| CVE-2024-6265 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Critical | 9.8 | 2024-06-29 04:33:28 | Deep Dive |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 7.1 | 2024-06-01 07:35:57 | Deep Dive |
| CVE-2024-2861 | ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-23 09:32:33 | Deep Dive |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-2765 | Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.4 | 2024-05-02 16:52:22 | Deep Dive |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-2867 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-02 16:52:05 | Deep Dive |
| CVE-2024-3210 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox' | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-04-10 05:32:23 | Deep Dive |
| CVE-2024-1991 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:59 | Deep Dive |
| CVE-2024-1990 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:52 | Deep Dive |
| CVE-2024-2423 | UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 6.4 | 2024-04-09 18:58:42 | Deep Dive |
| CVE-2024-1806 | ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-03-13 15:27:17 | Deep Dive |
| CVE-2024-1409 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-03-13 15:26:49 | Deep Dive |
| CVE-2024-1535 | ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-03-13 15:26:44 | Deep Dive |
| CVE-2024-1071 | WordPress Plugin Ultimate Member 安全漏洞 | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Critical | 9.8 | 2024-03-13 15:26:32 | Deep Dive |