An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the WordPress Simplr Registration Form Plus+ Plugin. It could allow a malicious actor to bypass authorization and authentication, access sensitive files and folders, or interact with the database.

This vulnerability was discovered and responsibly reported by Lana Codes.

The IDOR occurs in the simplr-registration-form-plus.php file. A flaw in the way the plugin handles user input allows an attacker to bypass authorization and authentication.

Severity:

The IDOR vulnerability has a CVSS 3.1 score of 8.8, which is rated High. It demands immediate attention because of the substantial risk it poses to the website's security and integrity.

Affected Versions:

As of the latest information, no patched version is available to address the IDOR vulnerability in the Simplr Registration Form Plus+ Plugin. Consequently, websites using this plugin are at elevated risk of potential attacks.

Impact:

An attacker who successfully exploits this vulnerability could:

  • Bypass authorization and authentication to access sensitive information, such as user data, database credentials, and configuration files.
  • Modify or delete sensitive data.
  • Execute arbitrary code on the website.
  • Take full control of the website.

Recommendation:

Users of the Simplr Registration Form Plus+ Plugin are strongly advised to uninstall the plugin until a patched version is released.
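To act on this recommendation across a server that hosts several sites, the following added example (not part of the advisory or the plugin) lists every copy of the plugin's main file under a web root, with the version from its header. The default search root and the standard `wp-content/plugins` layout are assumptions, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: inventory installs of the affected plugin under a web root.
# The main file name comes from the advisory; the default root (/var/www) and
# the wp-content/plugins layout are assumptions about a standard install.

PLUGIN_FILE="simplr-registration-form-plus.php"

# Print one "path<TAB>version" line per copy of the plugin's main file found.
find_simplr_installs() {
    root="${1:-/var/www}"
    find "$root" -type f -name "$PLUGIN_FILE" \
        -path "*/wp-content/plugins/*" 2>/dev/null |
    while IFS= read -r file; do
        # WordPress reads plugin metadata from a header comment near the top
        # of the main file; take the first "Version:" line in the first 8 KiB.
        version=$(head -c 8192 "$file" |
            sed -n 's/^[[:space:]*#@]*Version:[[:space:]]*\([^[:space:]]*\).*/\1/p' |
            head -n 1)
        printf '%s\t%s\n' "$file" "${version:-unknown}"
    done
}

# Return 0 if no copy is present, 1 if any copy is found. Every hit counts,
# because the advisory states that no patched version is available.
check_simplr_absent() {
    hits=$(find_simplr_installs "$1")
    if [ -n "$hits" ]; then
        printf 'Affected plugin present (no patched version available):\n%s\n' \
            "$hits" >&2
        return 1
    fi
    return 0
}
```

Call `check_simplr_absent /path/to/webroot` from a cron job or deployment check; a non-zero exit status means a copy is still on disk, whether or not it is activated.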