Wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
23 CVEs affecting Wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder. Latest disclosed: 2026-05-28. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-3342 | Critical | 9.9 | 2023-07-13 | The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'u… |
CVE-2026-1492 | Critical | 9.8 | 2026-03-03 | The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for Word… |
CVE-2024-2417 | High | 8.8 | 2024-05-02 | The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due… |
CVE-2023-3343 | High | 8.8 | 2023-07-13 | The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input… |
CVE-2026-1779 | High | 8.1 | 2026-02-26 | The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrec… |
CVE-2024-4958 | High | 7.1 | 2024-06-01 | The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification… |
CVE-2026-1865 | Medium | 6.5 | 2026-04-08 | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin… |
CVE-2024-3295 | Medium | 6.5 | 2024-05-02 | The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data… |
CVE-2025-13367 | Medium | 6.4 | 2025-12-15 | The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress i… |
CVE-2025-6831 | Medium | 6.4 | 2025-07-22 | The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to, and inc… |
CVE-2026-6203 | Medium | 6.1 | 2026-04-13 | The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient valid… |
CVE-2025-1511 | Medium | 6.1 | 2025-02-28 | The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scriptin… |
CVE-2026-4056 | Medium | 5.4 | 2026-03-23 | The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Acc… |
CVE-2025-14976 | Medium | 5.4 | 2026-01-10 | The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for Word… |
CVE-2026-7651 | Medium | 5.3 | 2026-05-28 | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin… |
CVE-2026-6145 | Medium | 5.3 | 2026-05-14 | The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the… |
CVE-2026-2356 | Medium | 5.3 | 2026-02-26 | The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Refere… |
CVE-2025-3281 | Medium | 5.3 | 2025-05-06 | The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Refere… |
CVE-2025-3282 | Medium | 5.3 | 2025-04-12 | The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Refere… |
CVE-2025-9085 | Medium | 4.9 | 2025-09-06 | The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient esca… |