
12 matches found

RedhatCVE
added 2026/06/05 7:39 p.m. | 8 views

CVE-2026-7651

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

5.3 CVSS | 5.6 AI score | 0.0035 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/28 6:45 a.m. | 12 views

CVE-2026-7651 User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

5.3 CVSS | 5.9 AI score | 0.0035 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/05/14 8:24 a.m. | 47 views

CVE-2026-6145 User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any...

5.3 CVSS | 0.00445 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/05/05 8:27 a.m. | 7 views

CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3 CVSS | 5.9 AI score | 0.003 EPSS
Exploits: 0 | References: 6

GithubExploit
added 2026/04/20 1:51 a.m. | 108 views

Exploit for CVE-2025-2563

CVE-2025-2563 — User Registration & Membership | Full-Chain Ad...

8.1 CVSS | 7.5 AI score | 0.44413 EPSS
Exploits: 7

Cvelist
added 2026/04/13 10:25 p.m. | 26 views

CVE-2026-6203 User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter

The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The redirect_to_on_logout GET paramet...

6.1 CVSS | 0.00663 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/23 11:25 p.m. | 4 views

CVE-2026-4056 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the checkpermissions method only checking for edit_posts...

5.4 CVSS | 5.8 AI score | 0.00182 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/23 11:25 p.m. | 8 views

CVE-2026-4056

The CVE-2026-4056 entry concerns the WordPress plugin “User Registration & Membership.” The vulnerability arises from a missing capability check in the Content Access Rules REST API endpoints, where the code path only validates the edit_posts permission instead of an administrator-level capabilit...

5.4 CVSS | 5.8 AI score | 0.00182 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/10 8:22 a.m. | 2 views

CVE-2025-14976 User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

5.4 CVSS | 5.1 AI score | 0.00123 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/01/10 8:22 a.m. | 26 views

CVE-2025-14976 User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

5.4 CVSS | 0.00123 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/04/18 12:0 a.m. | 3 views

WordPress plugin User Registration & Membership – Custom Registration Form, Login Form, and User Profile Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin User...

4.3 CVSS | 5.9 AI score | 0.00133 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/14 6:0 a.m. | 20 views

CVE-2025-2563 User Registration & Membership < 4.1.2 - Unauthenticated Privilege Escalation

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges...

7.3 AI score | 0.44413 EPSS
Exploits: 7 | References: 1