CVE-2023-5448

Name of the Vulnerable Software and Affected Versions WP Register Profile With Shortcode plugin for WordPress versions up to, and including, 3.5.9

Description The issue is related to Cross-Site Request Forgery. It is caused by missing or incorrect nonce validation on the update password validate function. This allows unauthenticated attackers to reset a user's password via a forged request if they can trick the user into performing a specific action.

Recommendations For WP Register Profile With Shortcode plugin for WordPress versions up to, and including, 3.5.9, update to a version higher than 3.5.9 to resolve the issue. As a temporary workaround, consider disabling the update password validate function until a patch is available.