Unknown User Registration vulnerabilities

CVE-2024-1290 [MEDIUM] CWE-269 CVE-2024-1290: The User Registration WordPress plugin before 2.12 does not prevent users with at least the contribu The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.

CVE-2023-5228 [MEDIUM] CWE-79 CVE-2023-5228: The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its setti The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2022-3912 [HIGH] CWE-434 CVE-2022-3912: The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be upl The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.