Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: wpeverest

CVE IDTitleCVSSSeverityPublished
CVE-2026-6203 User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter CWE-601 6.1 Medium2026-04-13
CVE-2026-1865 User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] CWE-89 6.5 Medium2026-04-08
CVE-2026-4056 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation CWE-862 5.4 Medium2026-03-23
CVE-2026-1492 User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration CWE-269 9.8 Critical2026-03-03
CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion CWE-284 5.3 Medium2026-02-26
CVE-2026-1779 User Registration & Membership <= 5.1.2 - Authentication Bypass CWE-288 8.1 High2026-02-26
CVE-2025-14976 User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion CWE-352 5.4 Medium2026-01-10
CVE-2025-13367 User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CWE-79 6.4 Medium2025-12-15
CVE-2025-9085 User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection CWE-89 4.9 Medium2025-09-06
CVE-2025-6831 User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode CWE-79 6.4 Medium2025-07-22
CVE-2025-3281 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion CWE-639 5.3 Medium2025-05-06
CVE-2025-3282 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification CWE-639 5.3 Medium2025-04-12
CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update CWE-639 4.3 Medium2025-04-12
CVE-2025-1511 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2025-02-28
CVE-2024-4958 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation CWE-862 7.1 High2024-06-01
CVE-2024-2417 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation CWE-862 8.8 High2024-05-02
CVE-2024-3295 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion CWE-862 6.5 Medium2024-05-02
CVE-2024-1720 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting CWE-79 4.7 Medium2024-03-07
CVE-2023-3343 User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection CWE-502 8.8 High2023-07-13
CVE-2023-3342 User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload CWE-434 9.9 Critical2023-07-13

All 20 known CVE vulnerabilities affecting User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder with full Chinese analysis, references, and POCs where available.