User Registration – Custom Registration Form, Login Form And User Profile For WordPress

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > User Registration – Custom Registration Form, Login Form And User Profile For WordPress

Information

Software Type	Plugin
Software Slug	user-registration (view on wordpress.org)
Software Status	Active
Software Author	wpeverest
Software Website	wpuserregistration.com
Software Downloads	2,306,554
Software Active Installs	60,000
Software Record Last Updated	October 2, 2023

7 vulnerabilities

User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2023-3342

Jul 4, 2023

Researcher: Lana Codes

User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVE-2023-3343

Jun 29, 2023

Researcher: Lana Codes

User Registration <= 2.3.2.1 - Missing Authorization via send_test_email

5.3

CVE-2023-29429

Apr 6, 2023

Researcher: Rafshanzani Suhada

User Registration <= 2.3.2.1 - PHP Object Injection

7.5

CVE-2023-27459

Mar 21, 2023

Researcher: Rafie Muhammad

User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting

5.5

CVE-2023-23987

Jan 20, 2023

Researcher: Rio Darmawan

User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2022-3912

Nov 21, 2022

Researcher: cydave

User Registration <= 1.5.5 - Cross-Site Scripting

6.4

CVE ID Unknown

Jan 9, 2019

Researcher: Mr Winst0n

Title	CVE ID	CVSS	Researchers	Date
User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-3342	9.9	Lana Codes	July 4, 2023
User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection	CVE-2023-3343	8.8	Lana Codes	June 29, 2023
User Registration <= 2.3.2.1 - Missing Authorization via send_test_email	CVE-2023-29429	5.3	Rafshanzani Suhada	April 6, 2023
User Registration <= 2.3.2.1 - PHP Object Injection	CVE-2023-27459	7.5	Rafie Muhammad	March 21, 2023
User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting	CVE-2023-23987	5.5	Rio Darmawan	January 20, 2023
User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2022-3912	8.8	cydave	November 21, 2022
User Registration <= 1.5.5 - Cross-Site Scripting		6.4	Mr Winst0n	January 9, 2019

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation