User Registration & Membership
Approved changes feed: RSS · Atom
cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:pro:wordpress:*:*
part: a version: * update: *
| Vendor | Wpeverest (893868fd-7465-5174-8b2f-d1079aaa15d0) |
|---|---|
| Product | User Registration & Membership (f44a0fb8-c509-539d-b724-c205a8757b56) |
| Edition | * |
| Language | * |
| Software edition | pro |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-39400 |
vulnerable | 2026-06-03 15:01:02.266243 |
WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through < 4.2.0.
Published: 2025-04-24T16:08:32.039Z
Updated: 2026-04-28T16:12:30.146Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30899 |
vulnerable | 2026-06-03 15:00:29.802511 |
WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registration: from n/a through <= 4.0.3.
Published: 2025-03-27T10:55:49.603Z
Updated: 2026-04-28T16:11:59.970Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-2594 |
vulnerable | 2026-06-03 15:00:25.968147 |
User Registration & Membership < 4.1.3 - Authentication Bypass
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
Published: 2025-04-22T06:00:06.896Z
Updated: 2025-08-27T12:00:51.368Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-2563 |
vulnerable | 2026-06-03 15:00:25.842560 |
User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation
The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges
Published: 2025-04-14T06:00:09.509Z
Updated: 2025-08-27T12:00:20.215Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.