Unrated severityNVD Advisory· Published Oct 4, 2021· Updated Aug 3, 2024
User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting
CVE-2021-24654
Description
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/User Registrationdescription
- Range: <2.0.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/5c7a9473-d32e-47d6-9f8e-15b96fe758f2mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.