Sensitive Information Exposure in User Registration Forms Plugin for WordPress
CVE-2024-13818

5.3MEDIUM

Key Information:

Vendor
GenetecHProducts
Status
Registration Forms – User Registration Forms, Invitation-based Registrations, Front-end User Profile, Login Form & Content Restriction
Vendor
CVE Published:
21 February 2025

Summary

The User Registration Forms plugin, which enables user registrations and content restrictions on WordPress sites, has a vulnerability that allows unauthorized attackers to access sensitive user information. This exposure occurs due to publicly accessible log files, resulting in potentially harmful data leaks that could compromise user privacy. All versions of the plugin up to and including 3.8.3.9 are impacted, emphasizing the need for immediate updates to secure user data.

Affected Version(s)

Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction * <= 3.8.3.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/pie-register/t...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wesley
.