From d42a5a586d35a629a4711e189309b7d6068b65ce Mon Sep 17 00:00:00 2001 From: Armanul46 <47377178+Armanul46@users.noreply.github.com> Date: Wed, 18 Feb 2026 14:38:10 +0600 Subject: [PATCH 1/2] fixed security issue --- includes/classes/class-ajax-handler.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/includes/classes/class-ajax-handler.php b/includes/classes/class-ajax-handler.php index 3be13245a4..b7ac9be618 100644 --- a/includes/classes/class-ajax-handler.php +++ b/includes/classes/class-ajax-handler.php @@ -743,6 +743,16 @@ public function guest_reception() { wp_send_json( $data, 200 ); } + if ( ! get_option( 'users_can_register' ) ) { + $data = [ + 'status' => false, + 'status_code' => 'registration_disabled', + 'message' => __( 'User registration is currently disabled.', 'directorist' ), + 'data' => null, + ]; + wp_send_json( $data, 200 ); + } + // Get the data $email = ( ! empty( $_REQUEST['email'] ) ) ? sanitize_email( wp_unslash( $_REQUEST['email'] ) ) : ''; From 72ab6f0280607959f2d4f3850808084bc12de502 Mon Sep 17 00:00:00 2001 From: Armanul46 <47377178+Armanul46@users.noreply.github.com> Date: Wed, 18 Feb 2026 15:36:07 +0600 Subject: [PATCH 2/2] fixed security issue in guest user submission --- includes/classes/class-ajax-handler.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/classes/class-ajax-handler.php b/includes/classes/class-ajax-handler.php index b7ac9be618..832464a9a4 100644 --- a/includes/classes/class-ajax-handler.php +++ b/includes/classes/class-ajax-handler.php @@ -743,7 +743,7 @@ public function guest_reception() { wp_send_json( $data, 200 ); } - if ( ! get_option( 'users_can_register' ) ) { + if ( ! get_option( 'users_can_register' ) || ! directorist_is_user_registration_enabled() ) { $data = [ 'status' => false, 'status_code' => 'registration_disabled',