High severity 8.8 · NVD Advisory · Published Sep 13, 2023 · Updated Apr 8, 2026
CVE-2023-4213
Description
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.
Affected products
- cpe:2.3:a:mikevanwinkle:simplr_registration_form_plus\+:*:*:*:*:*:wordpress:*:* (Range: <=2.4.5)
Patches
No patches discovered yet.
References
- plugins.trac.wordpress.org/browser/simplr-registration-form/trunk/lib/profile.php (nvd, Third Party Advisory)
- www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81 (nvd, Third Party Advisory)