Vulnerabilities > Wpeverest > User Registration > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-5228 | Cross-site Scripting vulnerability in Wpeverest User Registration The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2023-04-06 | CVE-2023-23987 | Unspecified vulnerability in Wpeverest User Registration Auth. | 4.8 |
| 2021-10-04 | CVE-2021-24654 | Cross-site Scripting vulnerability in Wpeverest User Registration The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. | 5.4 |