Security Advisory

CVE-2023-0824

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-16 15:56:28

Last updated 2025-06-20 17:00:42

Assigner WPScan

State PUBLISHED

Description

The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.

← Browse all CVEs View on cve.org ↗