| CVE-2024-9518 | UserPlus <= 2.0 - Unauthenticated Privilege Escalation | userplus | User registration & user profile – UserPlus | Critical | 9.8 | 2024-10-10 02:06:06 | Deep Dive |
| CVE-2024-9519 | UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation | userplus | User registration & user profile – UserPlus | High | 7.2 | 2024-10-10 02:06:04 | Deep Dive |
| CVE-2024-8519 | Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2024-10-04 02:32:23 | Deep Dive |
| CVE-2024-8520 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2024-10-04 02:32:22 | Deep Dive |
| CVE-2024-7426 | Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.6.0 - Unauthenticated Full Path Disclosure | peepso | Community by PeepSo – Download from PeepSo.com | Medium | 5.3 | 2024-09-25 02:05:05 | Deep Dive |
| CVE-2024-8246 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 8.8 | 2024-09-14 03:19:27 | Deep Dive |
| CVE-2024-7618 | Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via content Parameter | peepso | Community by PeepSo – Download from PeepSo.com | Medium | 4.4 | 2024-09-10 07:30:04 | Deep Dive |
| CVE-2024-7655 | Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | peepso | Community by PeepSo – Download from PeepSo.com | Medium | 4.4 | 2024-09-10 07:30:04 | Deep Dive |
| CVE-2024-43317 | WordPress RegistrationMagic plugin <= 6.0.1.0 - Cross Site Scripting (XSS) vulnerability | Metagauss User Registration Team | RegistrationMagic | Medium | 4.3 | 2024-08-19 19:22:53 | Deep Dive |
| CVE-2023-52209 | WordPress WPForms User Registration plugin <= 2.1.0 - Authenticated Privilege Escalation vulnerability | WPForms, LLC. | WPForms User Registration | High | 8.0 | 2024-08-01 21:04:11 | Deep Dive |
| CVE-2024-6069 | Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation | genetechproducts | Pie Register – User Registration, Profiles & Content Restriction | High | 8.8 | 2024-07-09 08:33:11 | Deep Dive |
| CVE-2024-6265 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Critical | 9.8 | 2024-06-29 04:33:28 | Deep Dive |
| CVE-2024-1407 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.4 | 2024-06-19 06:55:47 | Deep Dive |
| CVE-2024-5149 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.5 | 2024-06-05 04:32:25 | Deep Dive |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 7.1 | 2024-06-01 07:35:57 | Deep Dive |
| CVE-2024-2861 | ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-23 09:32:33 | Deep Dive |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-3215 | Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-05-02 16:52:30 | Deep Dive |
| CVE-2024-2765 | Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.4 | 2024-05-02 16:52:22 | Deep Dive |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2024-05-02 16:52:21 | Deep Dive |