CVE-2024-1290

Name of the Vulnerable Software and Affected Versions User Registration WordPress plugin versions prior to 2.12

Description The issue allows users with at least the contributor role to render sensitive shortcodes, which can be used to generate and leak valid password reset URLs. This enables them to take over any accounts.

Recommendations For versions prior to 2.12, update to version 2.12 or later to resolve the issue. As a temporary workaround, consider restricting the contributor role from accessing sensitive shortcodes until the update is applied.