WordPress Plugin Vulnerabilities

Easy Registration Forms <= 2.1.1 - Subscriber+ Information Disclosure via Shortcode

Description

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode due to insufficient controls on the information retrievable via the shortcode.

Affects Plugins

Plugin icon
easy-registration-forms
No known fix

References

CVE
CVE-2023-5134
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/easy-registration-forms/easy-registration-forms-211-authenticated-subscriber-information-disclosure-via-shortcode

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
1661ba71-5d80-4c56-92b0-0f1e9e0f42b5

Timeline

Publicly Published
2023-09-22 (about 2 years ago)
Added
2023-09-23 (about 2 years ago)
Last Updated
2023-09-23 (about 2 years ago)

Other

Published
Title
Published
2026-02-03
Title
Magic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information Exposure
Published
2026-05-01
Title
Widgets for Social Photo Feed < 1.8.1 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints
Published
2024-02-27
Title
Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure
Published
2024-08-16
Title
Flash & HTML5 Video < 2.5.32 - Authenticated (Subscriber+) Information Exposure
Published
2024-06-10
Title
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor < 3.8.9 - Unauthenticated Sensitive Information Exposure