WordPress Plugin Vulnerabilities

CM Registration Pro < 3.2.1 - PHP Object Injection

Description

The plugin was using an outdated library which was affected by a PHP Object Injection issue. The free version is not affected as it was not using the library even though it was skipped with it.

Affects Plugins

Plugin icon
cm-registration-pro
Fixed in 3.2.1

References

URL
https://www.cminds.com/wordpress-plugins-library/registration-and-invitation-codes-plugin-for-wordpress/#changelog

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
5.6 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
e5376e60-5f39-41be-a644-4e4a510bb848

Timeline

Publicly Published
2021-05-17 (about 4 years ago)
Added
2021-05-17 (about 4 years ago)
Last Updated
2021-05-18 (about 4 years ago)

Other

Published
Title
Published
2025-03-27
Title
Rapyd Payment Extension for WooCommerce < 1.2.1 - Unauthenticated PHP Object Injection
Published
2023-12-28
Title
YITH WooCommerce Product Add-Ons < 4.3.1 - Authenticated(Shop Manager+) PHP Object Injection
Published
2025-12-30
Title
Dental Care CPT <= 20.2 - Authenticated (Contributor+) PHP Object Injection
Published
2024-05-07
Title
Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.39 - Authenticated (Contributor+) PHP Object Injection
Published
2025-08-19
Title
ThemeMakers Visual Content Composer <= 1.5.8 - Unauthenticated PHP Object Injection