Wpeverest

User Registration & Membership

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-7651

  • EPSS 0.35%
  • Veröffentlicht 28.05.2026 06:45:39
  • Zuletzt bearbeitet 28.05.2026 13:45:25

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and...

5.3

CVE-2026-6145

  • EPSS 0.45%
  • Veröffentlicht 14.05.2026 08:24:27
  • Zuletzt bearbeitet 14.05.2026 14:28:41

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process() method relying solely on the presence of action=createuser in t...

4.3

CVE-2026-3601

  • EPSS 0.3%
  • Veröffentlicht 05.05.2026 09:16:03
  • Zuletzt bearbeitet 05.05.2026 19:08:20

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `embed_form_action()` function in all versions up to, and including, 5.1.4. This makes it possible for...

6.1

CVE-2026-6203

  • EPSS 0.66%
  • Veröffentlicht 13.04.2026 22:25:54
  • Zuletzt bearbeitet 22.04.2026 20:23:16

The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before red...

6.5

CVE-2026-1865

  • EPSS 0.31%
  • Veröffentlicht 08.04.2026 11:16:56
  • Zuletzt bearbeitet 24.04.2026 18:05:09

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the ‘membership_ids[]’ parameter in all v...

5.4

CVE-2026-4056

  • EPSS 0.18%
  • Veröffentlicht 23.03.2026 23:25:49
  • Zuletzt bearbeitet 24.04.2026 16:32:53

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the `check_per...

8.1

CVE-2026-1779

  • EPSS 0.34%
  • Veröffentlicht 26.02.2026 03:16:03
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthentica...

5.3

CVE-2025-3281

  • EPSS 0.38%
  • Veröffentlicht 06.05.2025 07:24:21
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() functi...