Description
WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset passwords of random users if account id's are known. WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction version 2.0.13 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.14 or latest
References
http://security.szurek.pl/pie-register-2013-privilege-escalation.html
Related Vulnerabilities
WordPress Plugin Gettext override translations Cross-Site Scripting (1.0.1)
osTicket Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-14749)
WordPress Plugin Feedify-Web Push Notifications Cross-Site Scripting (2.1.8)
WordPress Plugin WP Plugin Manager (WPPM) Cross-Site Scripting (1.6.4.b)
WordPress Plugin Visitors Online by BestWebSoft Cross-Site Scripting (0.9)