
CVE-2025-2594 – User Registration & Membership <= 4.1.2 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2025-2594
01 Apr 2025 — The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.1.2. This is due to incorrect authentication in the 'confirm_payment()' function. This makes it possible for unauthenticated attackers to log in an existing user on the site, even an administrator. • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2025-30899 – WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-30899
27 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3. The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrar... • https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-4-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-2563 – User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-2563
24 Mar 2025 — The User Registration & Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.1. This is due to insufficient restrictions on role type in the 'prepare_members_data()' function. This makes it possible for unauthenticated attackers to create new user accounts with the 'administrator' role. • https://github.com/ubaydev/CVE-2025-2563 • CWE-269: Improper Privilege Management •

CVE-2024-49217 – WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-49217
14 Oct 2024 — Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation. This issue affects Adding drop down roles in registration: from n/a through 1.1. The Adding drop down roles in registration plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1. This is due to the plugin not properly restricting what roles a user can register as. This makes it possible for unauthenticated attackers to registe... • https://patchstack.com/database/vulnerability/user-drop-down-roles-in-registration/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment •

CVE-2023-52209 – WordPress WPForms User Registration plugin <= 2.1.0 - Authenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-52209
18 Jul 2024 — Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation. This issue affects WPForms User Registration: from n/a through 2.1.0. The WPForms User Registration plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.1.0. This is due to a missing capability check when adding a role option to a form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a form that... • https://patchstack.com/database/vulnerability/wpforms-user-registration/wordpress-wpforms-user-registration-plugin-2-1-0-authenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management • CWE-862: Missing Authorization •

CVE-2023-46201 – WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46201
19 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS. This issue affects Auto Login New User After Registration: from n/a through 1.9.6. The Auto Login New User After Registration plugin for WordPress is vulnerable to Stored Cross-Site... • https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-csrf-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-46202 – WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46202
19 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions. The Auto Login New User After Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the alnuar_auto_login_new_user_aft... • https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-40851
https://notcve.org/view.php?id=CVE-2023-40851
16 Oct 2023 — Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page. • https://www.exploit-db.com/exploits/51694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-40852
https://notcve.org/view.php?id=CVE-2023-40852
16 Oct 2023 — SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page. • https://www.exploit-db.com/exploits/51695 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-27225
https://notcve.org/view.php?id=CVE-2023-27225
06 Jul 2023 — A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field. • https://medium.com/%40ridheshgohil1092/my-first-cve-2023-27225-f232650f6cde • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •