VYPR

User Registration \& Membership

by WordPress

Source repositories

CVEs (7)

  • CVE-2025-3284MedApr 19, 2025
    risk 0.28cvss 4.3epss 0.00

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the…

  • CVE-2025-3281MedMay 6, 2025
    risk 0.27cvss 5.3epss 0.00

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() function, due to missing…

  • CVE-2025-2563Apr 14, 2025
    risk 0.10cvss epss 0.44

    The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges

  • CVE-2025-2594Apr 22, 2025
    risk 0.05cvss epss 0.07

    The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.

  • CVE-2025-3282Apr 12, 2025
    risk 0.00cvss epss 0.00

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing…

  • CVE-2025-3292Apr 12, 2025
    risk 0.00cvss epss 0.00

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing…

  • CVE-2025-1511Feb 28, 2025
    risk 0.00cvss epss 0.00

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output…