| CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.1 | 2026-02-26 02:23:56 | Deep Dive |
| CVE-2026-1404 | Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.1 | 2026-02-18 14:24:59 | Deep Dive |
| CVE-2025-14444 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 5.3 | 2026-02-18 10:20:48 | Deep Dive |
| CVE-2020-36945 | WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass | WEBDAMN.COM | WebDamn User Registration & Login System with User Panel | High | 8.2 | 2026-01-28 17:35:07 | Deep Dive |
| CVE-2026-0844 | Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field | nmedia | Simple User Registration | High | 8.8 | 2026-01-28 11:23:40 | Deep Dive |
| CVE-2026-1054 | RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 5.3 | 2026-01-28 07:27:35 | Deep Dive |
| CVE-2026-24353 | WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability | wpeverest | User Registration | Medium | 4.3 | 2026-01-22 16:52:43 | Deep Dive |
| CVE-2025-67956 | WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability | wpeverest | User Registration | - | - | 2026-01-22 16:51:56 | Deep Dive |
| CVE-2025-12825 | User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure | zealopensource | User Registration Using Contact Form 7 | Medium | 5.3 | 2026-01-17 04:34:02 | Deep Dive |
| CVE-2025-15403 | RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Critical | 9.8 | 2026-01-17 02:22:32 | Deep Dive |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-01-10 08:22:57 | Deep Dive |
| CVE-2025-14047 | WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | wedevs | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | Medium | 5.3 | 2026-01-02 01:48:20 | Deep Dive |
| CVE-2025-13220 | Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-21 03:20:06 | Deep Dive |
| CVE-2025-12492 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-12-20 08:22:10 | Deep Dive |
| CVE-2025-14081 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2025-12-17 18:21:36 | Deep Dive |
| CVE-2025-13217 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2025-12-17 18:21:35 | Deep Dive |
| CVE-2025-13610 | RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 6.4 | 2025-12-15 14:25:11 | Deep Dive |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-12-15 14:25:10 | Deep Dive |
| CVE-2025-13642 | ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.4 | 2025-12-09 15:23:48 | Deep Dive |
| CVE-2025-12160 | Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting | nmedia | Simple User Registration | High | 7.2 | 2025-11-21 09:27:01 | Deep Dive |