Description
WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction is prone to multiple vulnerabilities, including cross-site scripting and SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction version 2.0.18 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.19 or latest
References
http://seclists.org/bugtraq/2015/Oct/64
http://seclists.org/bugtraq/2015/Oct/63
https://packetstormsecurity.com/files/133929/WordPress-Pie-Register-2.0.18-SQL-Injection.html
https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
Related Vulnerabilities
WordPress Plugin WooCommerce Conversion Tracking Cross-Site Request Forgery (2.0.4)
phpList Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2916)
Oracle JRE CVE-2018-2627 Vulnerability (CVE-2018-2627)
Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2080)