User registration

This hub aggregates every CVE we track for User registration, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting User registration.

• CVE-2026-25425WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability7.5Jun 15, 2026
• CVE-2026-42652WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability7.1Apr 29, 2026
• CVE-2026-32488WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability8.1Mar 25, 2026
• CVE-2026-24353WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability4.3Jan 22, 2026
• CVE-2025-67956WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability8.2Jan 22, 2026
• CVE-2025-39400WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability7.1Apr 24, 2025
• CVE-2025-30899WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability5.9Mar 27, 2025
• CVE-2025-1511User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting6.1Feb 28, 2025
• CVE-2023-29429WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability5.3Dec 9, 2024
• CVE-2023-27459WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability7.4Mar 26, 2024
• CVE-2023-5228User Registration < 3.0.4.2 - Admin+ Stored XSS4.8Nov 6, 2023
• CVE-2023-3342User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload9.9Jul 13, 2023
• CVE-2023-3343User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection8.8Jul 13, 2023
• CVE-2023-23987WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)5.9Apr 6, 2023
• CVE-2022-3912User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload7.5Dec 12, 2022