Description
WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset passwords of random users if account id's are known. WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction version 2.0.13 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.14 or latest
References
http://security.szurek.pl/pie-register-2013-privilege-escalation.html
Related Vulnerabilities
WordPress Plugin User Role Editor Cross-Site Scripting (4.37)
WordPress Plugin Ajax Store Locator SQL Injection (1.2.0)
MySQL CVE-2020-14827 Vulnerability (CVE-2020-14827)
WordPress Plugin WordPress Connect Cross-Site Scripting (2.0.3)
WordPress Plugin Simple:Press-WordPress Forum Arbitrary File Upload (6.6.0)