Wp Register Profile With Shortcode
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5448 | Hig | 0.57 | 8.8 | 0.00 | Jan 11, 2024 | The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for… | ||
| CVE-2025-4593 | Med | 0.42 | 6.5 | 0.00 | Jul 11, 2025 | The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above,… | ||
| CVE-2025-50042 | Med | 0.42 | 6.5 | 0.00 | Jun 20, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode wp-register-profile-with-shortcode allows Stored XSS.This issue affects WP Register Profile With Shortcode: from n/a through <=… | ||
| CVE-2023-23818 | Med | 0.38 | 5.9 | 0.00 | Jun 12, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions. |
- risk 0.57cvss 8.8epss 0.00
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for…
- risk 0.42cvss 6.5epss 0.00
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above,…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode wp-register-profile-with-shortcode allows Stored XSS.This issue affects WP Register Profile With Shortcode: from n/a through <=…
- risk 0.38cvss 5.9epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions.