CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed
References
Configurations

Configuration 1

cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*

Information

Published : 2021-10-04 12:15

Updated : 2021-10-08 06:39


NVD link : CVE-2021-24654

Mitre link : CVE-2021-24654

Products Affected
No products.
CWE