VYPR

User Registration

by WordPress

Source repositories

CVEs (28)

  • CVE-2023-3342CriJul 13, 2023
    risk 0.58cvss 9.9epss 0.01

    The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated…

  • CVE-2026-0844HigJan 28, 2026
    risk 0.57cvss 8.8epss 0.00

    The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such…

  • CVE-2025-67956HigJan 22, 2026
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6.

  • CVE-2024-2417HigMay 2, 2024
    risk 0.50cvss 8.8epss 0.01

    The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This…

  • CVE-2023-3343HigJul 13, 2023
    risk 0.50cvss 8.8epss 0.01

    The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above,…

  • CVE-2026-25425HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.

  • CVE-2023-27459HigMar 26, 2024
    risk 0.48cvss 7.4epss 0.01

    Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.

  • CVE-2025-12160HigNov 21, 2025
    risk 0.47cvss 7.2epss 0.00

    The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpr_admin_msg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2026-42652HigApr 29, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.

  • CVE-2026-6203MedApr 13, 2026
    risk 0.40cvss 6.1epss 0.01

    The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The…

  • CVE-2024-4958HigJun 1, 2024
    risk 0.39cvss 7.1epss 0.00

    The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including,…

  • CVE-2023-23987MedApr 6, 2023
    risk 0.38cvss 5.9epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.

  • CVE-2025-13367MedDec 15, 2025
    risk 0.35cvss 6.4epss 0.00

    The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including,…

  • CVE-2025-6831MedJul 22, 2025
    risk 0.35cvss 6.4epss 0.00

    The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-3295MedMay 2, 2024
    risk 0.35cvss 6.5epss 0.01

    The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This…

  • CVE-2026-4056MedMar 24, 2026
    risk 0.28cvss 5.4epss 0.00

    The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the `check_permissions()` method only…

  • CVE-2026-24353MedJan 22, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.

  • CVE-2026-7651MedMay 28, 2026
    risk 0.27cvss 5.3epss 0.00

    The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is…

  • CVE-2025-9085MedSep 6, 2025
    risk 0.25cvss 4.9epss 0.00

    The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible…

  • CVE-2024-1720MedMar 7, 2024
    risk 0.24cvss 4.7epss 0.01

    The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization…

Page 1 of 2