Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in User Registration & Membership – Custom Registration Form, Login Form, and User Profile 4.0.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: March 27, 2025

The User Registration plugin for WordPress has a security issue that allows hackers to insert harmful code into certain pages. This can happen in versions up to and including 4.0.3. The problem is caused by not properly cleaning up the user input and not properly protecting the output. As a result, attackers with high-level access can insert their own scripts into pages, which will run whenever a user views those pages. This only affects sites with multiple installations or sites with certain security settings disabled.

Detected in:

User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin fixed vulnerable versions:
User Registration & Membership – Custom Registration Form, Login Form, and User Profile fixed vulnerable versions:
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.