Filtered by vendor Wpeverest
Subscriptions
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39400 | 1 Wpeverest | 2 User Registration, User Registration \& Membership | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through < 4.2.0. | ||||
| CVE-2025-30899 | 2 Wordpress, Wpeverest | 3 Wordpress, User Registration, User Registration \& Membership | 2026-04-01 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registration: from n/a through <= 4.0.3. | ||||
| CVE-2026-24353 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration | 2026-04-01 | 8.1 High |
| Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9. | ||||
| CVE-2026-22422 | 2 Wordpress, Wpeverest | 2 Wordpress, Everest Forms | 2026-04-01 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1. | ||||
| CVE-2025-67956 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration | 2026-04-01 | 8.2 High |
| Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6. | ||||
| CVE-2025-60210 | 2 Wordpress, Wpeverest | 3 Wordpress, Everest Forms, Everest Forms Frontend Listing | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5. | ||||
| CVE-2026-32488 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration | 2026-03-27 | 8.1 High |
| Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9. | ||||
| CVE-2026-27070 | 2 Wordpress, Wpeverest | 2 Wordpress, Everest Forms | 2026-03-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10. | ||||
| CVE-2026-1779 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 2026-02-27 | 8.1 High |
| The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set. | ||||
| CVE-2026-2356 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 2026-02-27 | 5.3 Medium |
| The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register_member' function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that newly registered on the site who has the 'urm_user_just_created' user meta set. | ||||
| CVE-2023-27459 | 1 Wpeverest | 2 User Registration, User Registration \& Membership | 2026-01-14 | 7.4 High |
| Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. | ||||
| CVE-2025-14976 | 2 Wordpress, Wpeverest | 3 Wordpress, User Registration, User Registration & Membership | 2026-01-13 | 5.4 Medium |
| The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce validation on the 'process_row_actions' function with the 'delete' action. This makes it possible for unauthenticated attackers to delete arbitrary post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-2594 | 1 Wpeverest | 1 User Registration \& Membership | 2025-09-30 | 8.1 High |
| The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID. | ||||
| CVE-2025-52709 | 2 Wordpress, Wpeverest | 2 Wordpress, Everest Forms | 2025-09-04 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-2563 | 1 Wpeverest | 1 User Registration \& Membership | 2025-08-27 | 8.1 High |
| The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges | ||||
| CVE-2025-3282 | 1 Wpeverest | 1 User Registration \& Membership | 2025-07-08 | 5.3 Medium |
| The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type. | ||||
| CVE-2025-26841 | 1 Wpeverest | 1 Everest Forms | 2025-07-01 | 6.1 Medium |
| Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. | ||||
| CVE-2024-8542 | 1 Wpeverest | 1 Everest Forms | 2025-06-04 | 4.8 Medium |
| The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13125 | 1 Wpeverest | 1 Everest Forms | 2025-05-21 | 3.5 Low |
| The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10471 | 1 Wpeverest | 1 Everest Forms | 2025-05-15 | 4.8 Medium |
| The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||