| CVE-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder (CWE-22) | 8.1 | High | 2026-04-20 |
| CVE-2026-6203 | User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-601) | 6.1 | Medium | 2026-04-13 |
| CVE-2026-1865 | User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-89) | 6.5 | Medium | 2026-04-08 |
| CVE-2026-3296 | Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder (CWE-502) | 9.8 | Critical | 2026-04-08 |
| CVE-2026-3300 | Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field — Everest Forms Pro (CWE-94) | 9.8 | Critical | 2026-03-31 |
| CVE-2026-32488 | WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability — User Registration (CWE-266) | 8.8 | - | 2026-03-25 |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-862) | 5.4 | Medium | 2026-03-23 |
| CVE-2026-27070 | WordPress Everest Forms Pro plugin <= 1.9.12 - Cross Site Scripting (XSS) vulnerability — Everest Forms Pro (CWE-79) | 7.1 | High | 2026-03-19 |
| CVE-2026-1492 | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-269) | 9.8 | Critical | 2026-03-03 |
| CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-288) | 8.1 | High | 2026-02-26 |
| CVE-2026-2356 | User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-284) | 5.3 | Medium | 2026-02-26 |
| CVE-2026-22422 | WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability — Everest Forms (CWE-80) | 6.1 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-24353 | WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability — User Registration (CWE-862) | 4.3 | Medium | 2026-01-22 |
| CVE-2025-67956 | WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability — User Registration (CWE-862) | 9.1 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-352) | 5.4 | Medium | 2026-01-10 |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-79) | 6.4 | Medium | 2025-12-15 |
| CVE-2025-8871 | Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature — Everest Forms Pro (CWE-502) | 5.6 | Medium | 2025-11-05 |
| CVE-2025-60210 | WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability — Everest Forms - Frontend Listing (CWE-502) | 9.8 (AI) | Critical (AI) | 2025-10-22 |
| CVE-2025-9085 | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-89) | 4.9 | Medium | 2025-09-06 |
| CVE-2025-6831 | User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-79) | 6.4 | Medium | 2025-07-22 |
| CVE-2025-5927 | Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion — Everest Forms Pro (CWE-36) | 7.5 | High | 2025-06-25 |
| CVE-2025-3281 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-639) | 5.3 | Medium | 2025-05-06 |
| CVE-2025-39400 | WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability — User Registration (CWE-79) | 7.1 | High | 2025-04-24 |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion — User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CWE-352) | 4.3 | Medium | 2025-04-19 |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-639) | 5.3 | Medium | 2025-04-12 |
| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (CWE-639) | 4.3 | Medium | 2025-04-12 |
| CVE-2025-3421 | Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder (CWE-79) | 6.1 | Medium | 2025-04-11 |
| CVE-2025-3422 | Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder (CWE-94) | 5.4 | Medium | 2025-04-11 |
| CVE-2025-3439 | Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder (CWE-502) | 9.8 | Critical | 2025-04-11 |
| CVE-2025-30899 | WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability — User Registration (CWE-79) | 5.9 | Medium | 2025-03-27 |