User Registration Wpeverest User Registration

  1. Vendors
  2. Wpeverest
  3. User Registration

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Wpeverest User Registration.

By the Year

In 2026 there have been 15 vulnerabilities in Wpeverest User Registration with an average score of 6.6 out of ten. Last year, in 2025 User Registration had 7 security vulnerabilities published. That is, 8 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.03.




Year Vulnerabilities Average Score
2026 15 6.60
2025 7 5.57
2024 6 6.63
2023 4 7.35
2022 1 7.50
2021 1 5.40

It may take a day or so for new User Registration vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Wpeverest User Registration Security Vulnerabilities

WP Plugin IDOR: Delete Media as Subscriber (5.1.5)
CVE-2026-7651 5.3 - Medium - May 28, 2026

The User Registration & Membership Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing ownership validation on a user-controlled attachment ID, allowing the plugin to store and subsequently delete arbitrary media attachments without verifying that the referenced attachment belongs to the requesting user. This makes it possible for authenticated attackers, with subscriber-level access and above, to permanently delete arbitrary media attachments uploaded by any other user, including administrators.

Insecure Direct Object Reference / IDOR

WP User Registration & Membership 5.1.5 Missing Auth (CVE-2026-6145)
CVE-2026-6145 5.3 - Medium - May 14, 2026

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process() method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any authentication or capability check. This makes it possible for unauthenticated attackers to bypass the admin approval requirement when registering new accounts via the fallback submission path.

AuthZ

WP User Reg. & Membership v5.1.4: embed_form_action() Lacks Cap Check
CVE-2026-3601 4.3 - Medium - May 05, 2026

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `embed_form_action()` function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to append shortcode content to arbitrary pages they do not own or have permission to edit.

AuthZ

User Registration Advanced Fields Plugin 1.6.20 Arbitrary File Upload
CVE-2026-4882 9.8 - Critical - May 02, 2026

The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability can only be exploited if a "Profile Picture" field is added to the form.

Unrestricted File Upload

WordPress Plugin User Registration 5.1.5 Reflected XSS via Input Fields
CVE-2026-42652 7.1 - High - April 29, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.

XSS

WordPress UR&M Plugin <5.1.4 Open Redirect via redirect_to_on_logout
CVE-2026-6203 6.1 - Medium - April 13, 2026

The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The `redirect_to_on_logout` GET parameter is passed directly to WordPress's `wp_redirect()` function instead of the domain-restricted `wp_safe_redirect()`. While `esc_url_raw()` is applied to sanitize malformed URLs, it does not restrict the redirect destination to the local domain, allowing an attacker to craft a specially formed link that redirects users to potentially malicious external URLs after logout, which could be used to facilitate phishing attacks.

Open Redirect

User Registration & Membership WP Plugin SQLi via membership_ids[] up to 5.1.2
CVE-2026-1865 6.5 - Medium - April 08, 2026

The User Registration & Membership Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the membership_ids[] parameter in all versions up to, and including, 5.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQL Injection

WP Everest User Registration <=4.4.9 Privilege Escalation
CVE-2026-32488 8.1 - High - March 25, 2026

Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9.

Incorrect Privilege Assignment

WordPress | user-registration-membership plugin v5.0.1-5.1.4: Unauthorized Content Access Rules Modi
CVE-2026-4056 5.4 - Medium - March 23, 2026

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the `check_permissions()` method only checking for `edit_posts` capability instead of an administrator-level capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to list, create, modify, toggle, duplicate, and delete site-wide content restriction rules, potentially exposing restricted content or denying legitimate user access.

AuthZ

WP Plugin 'User Registration & Membership' <=5.1.2 Privilege Escalation
CVE-2026-1492 9.8 - Critical - March 03, 2026

The User Registration & Membership Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.

Improper Privilege Management

Auth Bypass in WP User Registration Plugin 5.1.2 via register_member
CVE-2026-1779 8.1 - High - February 26, 2026

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set.

Authentication Bypass Using an Alternate Path or Channel

IDOR in WordPress URM Plugin <=5.1.2: Unauth Delete Accounts
CVE-2026-2356 5.3 - Medium - February 26, 2026

The User Registration & Membership Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register_member' function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that newly registered on the site who has the 'urm_user_just_created' user meta set.

Authorization

Missing Auth in WPEverest User Registration Plugin v<=4.4.9
CVE-2026-24353 4.3 - Medium - January 22, 2026

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.

AuthZ

User Registration <=4.4.6: Missing Authorization via Access Control (WPeverest)
CVE-2025-67956 8.2 - High - January 22, 2026

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6.

AuthZ

CVE-2025-14976: CSRF delete post in WP User Registration 4.4.8
CVE-2025-14976 5.4 - Medium - January 10, 2026

The User Registration & Membership Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce validation on the 'process_row_actions' function with the 'delete' action. This makes it possible for unauthenticated attackers to delete arbitrary post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Session Riding

Stored XSS via shortcodes in User Registration & Membership v4.4.6 WP plugin
CVE-2025-13367 6.4 - Medium - December 15, 2025

The User Registration & Membership Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

SQLi in User Reg & Membership Plugin v4.3.0 for WordPress
CVE-2025-9085 4.9 - Medium - September 06, 2025

The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQL Injection

Stored XSS in User Registration WP Plugin <=4.2.4
CVE-2025-6831 6.4 - Medium - July 22, 2025

The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

User Registration & Membership Plugin 4.2.1 IDOR: Unauth. Deletes Users
CVE-2025-3281 5.3 - Medium - May 06, 2025

The User Registration & Membership Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that have registered through the plugin.

Insecure Direct Object Reference / IDOR

User Registration & Membership Plugin <=4.1.3 IDR Allows Unauth Password Change
CVE-2025-3292 4.3 - Medium - April 12, 2025

The User Registration & Membership Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email.

Insecure Direct Object Reference / IDOR

wpeverest UserReg Stored XSS (v4.0.3 & earlier)
CVE-2025-30899 - March 27, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registration: from n/a through <= 4.0.3.

XSS

XSS via 's' param in User Registration & Membership plugin v<=4.0.4
CVE-2025-1511 6.1 - Medium - February 28, 2025

The User Registration & Membership Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

XSS

Missing Authorization in WPEverest User Registration (<=2.3.2.1)
CVE-2023-29429 5.3 - Medium - December 09, 2024

Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1.

AuthZ

WordPress Plugin: Unauthorized import_form_action Role Escalation ( 3.2.0.1)
CVE-2024-4958 7.1 - High - June 01, 2024

The User Registration Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it possible for authenticated attackers, with contributor-level permissions and above, to import a registration form with a default user role of administrator. If an administrator approves or publishes a post or page with the shortcode to the imported form, any user can register as an administrator.

AuthZ

WordPress Plugin 'CRF-Login-Profile' (3.1.5) Allows UAC Deleting Media
CVE-2024-3295 6.5 - Medium - May 02, 2024

The User Registration Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This makes it possible for unauthenticated attackers to delete any media file.

AuthZ

Privilege Escalation: User Registration WP Plugin <=3.1.5
CVE-2024-2417 8.8 - High - May 02, 2024

The User Registration Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the registration form and make the default registration role administrator. This subsequently allows the attacker to register an account as an administrator on the site.

AuthZ

Untrusted Deserialization in WPEverest User Registration 2.3.2.1
CVE-2023-27459 7.4 - High - March 26, 2024

Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.

Marshaling, Unmarshaling

WordPress Plugin 'User Registration' Stored XSS via Display Name (<=3.1.4)
CVE-2024-1720 4.7 - Medium - March 07, 2024

The User Registration Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.

XSS

Stored XSS in User Registration WP Plugin before 3.0.4.2 Settings Escaping
CVE-2023-5228 4.8 - Medium - November 06, 2023

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

XSS

User Reg WP Plugin v3.0.2 Arbitrary File Upload CVE-2023-3342
CVE-2023-3342 9.9 - Critical - July 13, 2023

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.

Unrestricted File Upload

User Registration Plugin <=3.0.1 PHP Object Injection (POI) Vulnerability
CVE-2023-3343 8.8 - High - July 13, 2023

The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Marshaling, Unmarshaling

Auth+ Stored XSS in WPEverest User Registration WP Plugin v2.3.0
CVE-2023-23987 5.9 - Medium - April 06, 2023

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.

XSS

User Reg WP Plugin 2.2.4.1 Unchecked File Upload (CVE-2022-3912)
CVE-2022-3912 7.5 - High - December 12, 2022

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

Unrestricted File Upload

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly
CVE-2021-24654 5.4 - Medium - October 04, 2021

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Wpeverest User Registration or by Wpeverest? Click the Watch button to subscribe.

Wpeverest
Vendor

Wpeverest User Registration
Product

subscribe