User Registration Membership

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-2594 HIGH POC This Week

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Information Disclosure User Registration Membership PHP
NVD WPScan Exploit-DB
CVSS 3.1
8.1
EPSS
7.4%
CVE-2025-2563 HIGH POC THREAT Act Now

The User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their account role when the Membership Addon is enabled. This allows unauthenticated users to register with administrator privileges, bypassing all intended access controls.

WordPress Privilege Escalation User Registration Membership PHP
NVD WPScan
CVSS 3.1
8.1
EPSS
83.9%
CVE-2025-3292 MEDIUM PATCH This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass User Registration Membership PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-3282 MEDIUM PATCH This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass User Registration Membership PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-2594
EPSS 7% CVSS 8.1
HIGH POC This Week

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Information Disclosure User Registration Membership +1
NVD WPScan Exploit-DB
CVE-2025-2563
EPSS 84% CVSS 8.1
HIGH POC THREAT Act Now

The User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their account role when the Membership Addon is enabled. This allows unauthenticated users to register with administrator privileges, bypassing all intended access controls.

WordPress Privilege Escalation User Registration Membership +1
NVD WPScan
CVE-2025-3292
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass User Registration Membership +1
NVD
CVE-2025-3282
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass User Registration Membership +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy