Description
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This makes it possible for unauthenticated attackers to delete any media file.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-31885 | The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This makes it possible for unauthenticated attackers to delete any media file. |
References
History
Fri, 10 Apr 2026 04:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Apr 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | |
| Weaknesses | CWE-862 |
Subscriptions
No data.
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-08T17:04:45.940Z
Reserved: 2024-04-04T00:33:59.524Z
Link: CVE-2024-3295
Updated: 2024-08-01T20:05:08.400Z
Status : Deferred
Published: 2024-05-02T17:15:24.190
Modified: 2026-06-17T07:43:44.050
Link: CVE-2024-3295
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-862
Missing Authorization
EUVD