Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
devbits register-plus 3.4.1 |
||
devbits register-plus 3.4 |
||
devbits register-plus 2.8 |
||
devbits register-plus 2.7 |
||
devbits register-plus 2.0 |
||
devbits register-plus 1.2 |
||
devbits register-plus |
||
devbits register-plus 3.5 |
||
devbits register-plus 3.0.1 |
||
devbits register-plus 3.0 |
||
devbits register-plus 2.9 |
||
devbits register-plus 2.2 |
||
devbits register-plus 2.1 |
||
devbits register-plus 3.3 |
||
devbits register-plus 3.2 |
||
devbits register-plus 2.6 |
||
devbits register-plus 2.5 |
||
devbits register-plus 1.1 |
||
devbits register-plus 3.1 |
||
devbits register-plus 3.0.2 |
||
devbits register-plus 2.4 |
||
devbits register-plus 2.3 |
Vulmon