Description
WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset passwords of random users if account id's are known. WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction version 2.0.13 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.14 or latest
References
http://security.szurek.pl/pie-register-2013-privilege-escalation.html
Related Vulnerabilities
WebLogic CVE-2023-21979 Vulnerability (CVE-2023-21979)
Apache Tomcat Improper Authentication Vulnerability (CVE-2012-5886)
WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1)
MySQL CVE-2012-3173 Vulnerability (CVE-2012-3173)
YOURLS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2021-3734)