CVE-2026-24353
- EPSS 0.04%
- Veröffentlicht 22.01.2026 16:52:43
- Zuletzt bearbeitet 26.01.2026 19:16:27
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.
CVE-2025-67956
- EPSS 0.04%
- Veröffentlicht 22.01.2026 16:51:56
- Zuletzt bearbeitet 29.01.2026 19:16:17
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6.
CVE-2025-6831
- EPSS 0.05%
- Veröffentlicht 22.07.2025 01:44:28
- Zuletzt bearbeitet 22.07.2025 13:05:40
The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied a...
CVE-2025-39400
- EPSS 0.17%
- Veröffentlicht 24.04.2025 16:15:32
- Zuletzt bearbeitet 16.01.2026 14:24:20
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a.
CVE-2025-30899
- EPSS 0.15%
- Veröffentlicht 27.03.2025 10:55:49
- Zuletzt bearbeitet 20.01.2026 21:51:30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3.
CVE-2025-1511
- EPSS 0.68%
- Veröffentlicht 28.02.2025 06:15:25
- Zuletzt bearbeitet 06.03.2025 17:52:55
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient inp...
CVE-2023-29429
- EPSS 0.17%
- Veröffentlicht 09.12.2024 13:15:27
- Zuletzt bearbeitet 19.03.2025 17:24:57
Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1.
CVE-2024-4958
- EPSS 0.72%
- Veröffentlicht 01.06.2024 08:15:08
- Zuletzt bearbeitet 21.11.2024 09:43:56
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions...
CVE-2024-3295
- EPSS 0.51%
- Veröffentlicht 02.05.2024 17:15:24
- Zuletzt bearbeitet 21.11.2024 09:29:20
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, an...
CVE-2024-2417
- EPSS 0.53%
- Veröffentlicht 02.05.2024 17:15:17
- Zuletzt bearbeitet 21.11.2024 09:09:42
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and...