| CVE-2025-3281 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-05-06 07:24:22 | Deep Dive |
| CVE-2025-46459 | WordPress Confirm User Registration plugin <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability | Ralf Hortt | Confirm User Registration | Medium | 5.9 | 2025-04-24 16:09:20 | Deep Dive |
| CVE-2025-39400 | WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | wpeverest | User Registration | High | 7.1 | 2025-04-24 16:08:32 | Deep Dive |
| CVE-2025-2594 | User Registration & Membership < 4.1.3 - Authentication Bypass | Unknown | User Registration & Membership | 高危 | - | 2025-04-22 06:00:07 | Deep Dive |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion | WPEverest | User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | Medium | 4.3 | 2025-04-19 02:22:33 | Deep Dive |
| CVE-2025-32655 | WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability | DevriX | Restrict User Registration | High | 7.1 | 2025-04-17 15:47:03 | Deep Dive |
| CVE-2025-2314 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-04-16 01:45:02 | Deep Dive |
| CVE-2025-2563 | User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation | Unknown | User Registration & Membership | - | - | 2025-04-14 06:00:10 | Deep Dive |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-04-12 06:37:18 | Deep Dive |
| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.3 | 2025-04-12 06:37:17 | Deep Dive |
| CVE-2025-32679 | WordPress User Registration Using Contact Form 7 plugin <= 2.4 - Cross Site Request Forgery (CSRF) vulnerability | ZealousWeb | User Registration Using Contact Form 7 | Medium | 5.4 | 2025-04-09 16:09:14 | Deep Dive |
| CVE-2025-2836 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 6.4 | 2025-04-04 05:22:45 | Deep Dive |
| CVE-2025-30899 | WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability | wpeverest | User Registration | Medium | 5.9 | 2025-03-27 10:55:50 | Deep Dive |
| CVE-2025-2050 | PHPGurukul User Registration & Login and User Management System login.php sql injection | PHPGurukul | User Registration & Login and User Management System | High | 7.3 | 2025-03-06 23:31:06 | Deep Dive |
| CVE-2025-1702 | Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.5 | 2025-03-05 11:22:09 | Deep Dive |
| CVE-2025-1511 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2025-02-28 05:23:14 | Deep Dive |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-02-22 04:21:17 | Deep Dive |
| CVE-2024-12276 | Ultimate Member <= 2.9.2 - Authenticated SQL Injection | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-02-21 09:21:06 | Deep Dive |
| CVE-2024-13818 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files | genetechproducts | Pie Register – User Registration, Profiles & Content Restriction | Medium | 5.3 | 2025-02-21 03:21:21 | Deep Dive |
| CVE-2024-13121 | Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:12 | Deep Dive |