WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability

Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions = 5.1.5...

WordPress User Registration & Membership plugin <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation vulnerability

Missing Authorization to Authenticated Contributor+ Content Access Rule Manipulation vulnerability discovered by darkmode in WordPress Plugin User Registration versions = 5.1.4...

WordPress User Registration & Membership plugin <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration vulnerability

Unauthenticated Privilege Escalation via Membership Registration vulnerability discovered by Foxyyy in WordPress Plugin User Registration versions = 5.1.2...

CVE-2025-39400 WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a...

PT-2025-16168 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 4.1.3 Description: The issue allows unauthenticated attackers to update other users' passwords if they...

CVE-2023-29429 WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1...

WordPress User Registration plugin <= 3.1.5 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Stiofan in WordPress Plugin User Registration versions = 3.1.5...

CVE-2023-27459 WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1...

WordPress plugin User Registration security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress User Registration Plugin <= 3.1.4 is vulnerable to Cross Site Scripting (XSS)

Software User Registration Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1720 Patch priority Low CVSS severity Low 7.1 Developer Masteriyo PSID f3574c07a0a6 Credits stealthcopter Required...

CVE-2023-3343

The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP...

WordPress User Registration Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload

Software User Registration Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.2.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-3342 Patch priority High CVSS severity High 9.9 Developer Masteriyo PSID 9e6954072452 Credits István Márton Required privilege Subscribe...

WordPress User Registration Plugin <= 2.3.2.1 is vulnerable to Broken Access Control

Software User Registration Type Plugin Vulnerable versions = 2.3.2.1 Fixed in 2.3.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-29429 Patch priority Low CVSS severity Low 5.3 Developer Masteriyo PSID 71a1c2a61fc5 Credits Rafshanzani Suhada Required...

WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software User Registration Type Plugin Vulnerable versions = 2.3.0 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23987 Patch priority Low CVSS severity Low 5.9 Developer Masteriyo PSID 518a23296838 Credits Rio Darmawan Required...

WordPress User Registration plugin <= 1.5.5 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability found by "Mr Winst0n" in WordPress User Registration plugin versions = 1.5.5. Solution Update the WordPress User Registration plugin to the latest available version at least 1.5.6...