High severity8.8NVD Advisory· Published Jan 11, 2024· Updated Jun 17, 2026
CVE-2023-5448
CVE-2023-5448
Description
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user's password via a forged request granted they can trick the user into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:aviplugins:wp_register_profile_with_shortcode:*:*:*:*:*:wordpress:*:*Range: <=3.5.9
- Range: <=3.5.9
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.