The plugin used for custom login and registration on WordPress has a security issue that allows unauthorized access. This happens because the plugin does not check for the appropriate permissions when submitting the main form. This means that attackers who are logged in and have access at the Subscriber level or higher can perform actions they are not supposed to.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
