CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

Patchstack•added last week•7 views

WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration versions = 5.1.2...

5.8AI score

Exploits0Affected Software1

Patchstack•added 2026/05/27 12:0 a.m.•4 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.1.5...

5.3CVSS5.8AI score0.0004EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/04/14 2:35 a.m.•1 views

WordPress User Registration & Membership plugin <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter vulnerability

Unauthenticated Open Redirect via 'redirecttoonlogout' Parameter vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions = 5.1.4...

6.1CVSS5.8AI score0.00759EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/04/10 9:42 a.m.•3 views

WordPress User Registration & Membership plugin <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] vulnerability

Authenticated Subscriber+ SQL Injection via membershipids vulnerability discovered by WordFence in WordPress Plugin User Registration versions = 5.1.2...

6.5CVSS6AI score0.00033EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/04/09 8:54 p.m.•3 views

WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by raihan adi arba in WordPress Plugin User Registration versions = 5.1.5...

7.1CVSS5.1AI score0.00039EPSS

Exploits0Affected Software1

Patchstack•added 2026/03/23 3:21 p.m.•2 views

WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration versions = 4.4.9...

8.1CVSS5.8AI score0.00062EPSS

Exploits0Affected Software1

Positive Technologies•added 2026/02/26 12:0 a.m.•2 views

PT-2026-22113

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register member' function, due to missing validation on the 'member id' user...

5.3CVSS5.5AI score0.00055EPSS

Exploits0References3

CVE•added 2026/01/28 11:23 a.m.•8 views

CVE-2026-0844

CVE-2026-0844 impacts the WordPress Simple User Registration plugin (

8.8CVSS5.9AI score0.00079EPSS

Exploits0References4

CVE•added 2026/01/22 4:52 p.m.•7 views

CVE-2026-24353

CVE-2026-24353 affects the WordPress plugin User Registration (WordPress User Registration plugin) up to version 4.4.9. Root cause: Missing/incorrect authorization configuration enabling an attacker to perform actions (arbitrary shortcode execution) via user-registration area. Impact per sources ...

4.3CVSS5.4AI score0.00046EPSS

Exploits0References1

RedhatCVE•added 2026/01/13 10:53 p.m.•1 views

CVE-2025-14976

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

5.4CVSS5.5AI score0.00027EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:12 a.m.•3 views

CVE-2022-0232

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...

4.8CVSS5.9AI score0.00432EPSS

Exploits1References1

Patchstack•added 2026/01/08 6:6 p.m.•2 views

WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin User Registration versions = 4.4.9...

8.1CVSS5.5AI score0.00046EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/07 9:17 a.m.•10 views

CVE-2025-1511

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes...

6.1CVSS6.3AI score0.00534EPSS

Exploits0References1

Patchstack•added 2025/12/15 10:59 p.m.•3 views

WordPress User Registration & Membership plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Registration versions = 4.4.6...

6.4CVSS5.6AI score0.00031EPSS

Exploits0References1Affected Software1