CVE-2026-1779
- EPSS 0.11%
- Veröffentlicht 26.02.2026 03:16:03
- Zuletzt bearbeitet 27.02.2026 14:06:59
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthentica...
CVE-2025-3281
- EPSS 0.19%
- Veröffentlicht 06.05.2025 07:24:21
- Zuletzt bearbeitet 07.05.2025 14:13:20
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() functi...
CVE-2025-39400
- EPSS 0.17%
- Veröffentlicht 24.04.2025 16:15:32
- Zuletzt bearbeitet 16.01.2026 14:24:20
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a.
CVE-2025-30899
- EPSS 0.15%
- Veröffentlicht 27.03.2025 10:55:49
- Zuletzt bearbeitet 20.01.2026 21:51:30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3.
CVE-2023-27459
- EPSS 0.37%
- Veröffentlicht 26.03.2024 20:15:08
- Zuletzt bearbeitet 14.01.2026 17:00:55
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.