Skip to main content

User Registration

9 CVEs product

Monthly

CVE-2026-25425 HIGH This Week

Unauthenticated availability-impacting broken access control affects the ThemeGrill User Registration WordPress plugin versions 5.1.2 and earlier, allowing remote attackers to invoke privileged actions without credentials. The CVSS 7.5 score (AV:N/AC:L/PR:N/UI:N) reflects pure availability impact (A:H) with no confidentiality or integrity loss, and no public exploit identified at time of analysis. The flaw is classified as CWE-862 Missing Authorization and tracked by Patchstack and ENISA EUVD-2026-36911.

Authentication Bypass User Registration
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-42652 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.

XSS User Registration
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-32488 HIGH This Week

A privilege escalation vulnerability exists in the wpeverest User Registration WordPress plugin through version 4.4.9 due to incorrect privilege assignment (CWE-266). This flaw allows authenticated or unauthenticated attackers to escalate their privileges within the plugin, potentially gaining administrative access or elevated capabilities. No CVSS score, EPSS data, or KEV status has been published, limiting quantification of real-world exploitation risk, though the vulnerability was reported by Patchstack and affects all installations running version 4.4.9 or earlier.

Privilege Escalation User Registration
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-1511 MEDIUM PATCH This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS User Registration PHP
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-5228 MEDIUM POC This Month

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Registration
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-3343 HIGH PATCH This Week

The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Information Disclosure User Registration
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-3342 CRITICAL POC PATCH Act Now

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress File Upload User Registration
NVD VulDB
CVSS 3.1
9.9
EPSS
6.4%
CVE-2022-3912 HIGH POC This Week

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload User Registration
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-24654 MEDIUM POC This Month

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Registration
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated availability-impacting broken access control affects the ThemeGrill User Registration WordPress plugin versions 5.1.2 and earlier, allowing remote attackers to invoke privileged actions without credentials. The CVSS 7.5 score (AV:N/AC:L/PR:N/UI:N) reflects pure availability impact (A:H) with no confidentiality or integrity loss, and no public exploit identified at time of analysis. The flaw is classified as CWE-862 Missing Authorization and tracked by Patchstack and ENISA EUVD-2026-36911.

Authentication Bypass User Registration
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.

XSS User Registration
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A privilege escalation vulnerability exists in the wpeverest User Registration WordPress plugin through version 4.4.9 due to incorrect privilege assignment (CWE-266). This flaw allows authenticated or unauthenticated attackers to escalate their privileges within the plugin, potentially gaining administrative access or elevated capabilities. No CVSS score, EPSS data, or KEV status has been published, limiting quantification of real-world exploitation risk, though the vulnerability was reported by Patchstack and affects all installations running version 4.4.9 or earlier.

Privilege Escalation User Registration
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS User Registration +1
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Registration
NVD WPScan
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress +2
NVD VulDB
EPSS 6% CVSS 9.9
CRITICAL POC PATCH Act Now

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress File Upload +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Registration
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy