VYPR

Jay Login Register

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-15027CriFeb 8, 2026
    risk 0.64cvss 9.8epss 0.00

    The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_user' function. This makes…

  • CVE-2025-15100HigFeb 8, 2026
    risk 0.57cvss 8.8epss 0.00

    The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. This makes it possible…

  • CVE-2025-14440CriDec 13, 2025
    risk 0.57cvss 9.8epss 0.01

    The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_register_process_switch_back' function with the…

  • CVE-2026-1503MedMar 21, 2026
    risk 0.28cvss 4.3epss 0.00

    The login_register plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0. This is due to missing nonce validation on the settings page and insufficient input sanitization and output escaping on…