EUVD-2026-27241

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

PT-2026-36994

Name of the Vulnerable Software and Affected Versions User Registration & Membership plugin for WordPress versions prior to 5.1.5 Description A missing capability check in the embed form action function allows authenticated attackers with Contributor-level access or higher to perform unauthorized...

CVE-2025-9519 Easy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...

CVE-2025-7507

The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-lev...