User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder — Vulnerabilities & Security Advisories (22)

All 22 CVE vulnerabilities found in User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder, with AI-generated Chinese analysis, references, and POCs.

This page aggregates security vulnerabilities for the User Registration & Membership plugin, a widely used WordPress solution that manages free and paid memberships, subscriptions, content restriction, user profiles, and custom registration forms. It compiles a comprehensive list of known security weaknesses affecting this specific product, covering data from its initial releases up to the most recent disclosures found in public security databases. Here, users can track a vendor's advisories over time to understand their response patterns and remediation speed, or dive into the technical specifics of a particular weakness class to grasp the underlying mechanics of the exploit. Additionally, visitors can look up a product's vulnerability history to assess its long-term security posture and stability before making purchasing decisions or performing updates. The collected entries include details on affected versions, threat levels, and mitigation strategies, providing a clear view of the risks associated with this membership management tool. By centralizing this information, the page serves as a vital resource for developers, site administrators, and security analysts who need to evaluate the safety of their WordPress installations. Understanding these past incidents helps in implementing stronger security configurations and staying informed about potential threats that could compromise user data or site integrity. This structured approach ensures that all stakeholders have access to accurate, timely, and relevant security intelligence regarding the User Registration & Membership ecosystem.

Vendor: wpeverest

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6145 | User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter | CWE-862 | 5.3 | Medium | 2026-05-14 |
| CVE-2026-3601 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification | CWE-862 | 4.3 | Medium | 2026-05-05 |
| CVE-2026-6203 | User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter | CWE-601 | 6.1 | Medium | 2026-04-13 |
| CVE-2026-1865 | User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] | CWE-89 | 6.5 | Medium | 2026-04-08 |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation | CWE-862 | 5.4 | Medium | 2026-03-23 |
| CVE-2026-1492 | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration | CWE-269 | 9.8 | Critical | 2026-03-03 |
| CVE-2026-2356 | User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | CWE-284 | 5.3 | Medium | 2026-02-26 |
| CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass | CWE-288 | 8.1 | High | 2026-02-26 |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion | CWE-352 | 5.4 | Medium | 2026-01-10 |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | CWE-79 | 6.4 | Medium | 2025-12-15 |
| CVE-2025-9085 | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection | CWE-89 | 4.9 | Medium | 2025-09-06 |
| CVE-2025-6831 | User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode | CWE-79 | 6.4 | Medium | 2025-07-22 |
| CVE-2025-3281 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | CWE-639 | 5.3 | Medium | 2025-05-06 |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | CWE-639 | 5.3 | Medium | 2025-04-12 |
| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update | CWE-639 | 4.3 | Medium | 2025-04-12 |
| CVE-2025-1511 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting | CWE-79 | 6.1 | Medium | 2025-02-28 |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation | CWE-862 | 7.1 | High | 2024-06-01 |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | CWE-862 | 8.8 | High | 2024-05-02 |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | CWE-862 | 6.5 | Medium | 2024-05-02 |
| CVE-2024-1720 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting | CWE-79 | 4.7 | Medium | 2024-03-07 |
| CVE-2023-3343 | User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection | CWE-502 | 8.8 | High | 2023-07-13 |
| CVE-2023-3342 | User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload | CWE-434 | 9.9 | Critical | 2023-07-13 |