Vulnerabilities and security researches forwp-registration wp-registration

Oct 22, 2024

CVE, Research URL: CVE-2024-49604
Home page URL: Security reports for Simple User Registration
Application: Simple User Registration
Date: Oct 20, 2024
Research Description: Simple User Registration [wp-registration] <= 5.5 (unfixed) CVE-2024-49604 [en] Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5.
Affected versions: Min -, max -.
Status: vulnerable

Dec 08, 2024

CVE, Research URL: CVE-2024-53810
Home page URL: Security reports for Simple User Registration
Application: Simple User Registration
Date: Dec 06, 2024
Research Description: Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5.
Affected versions: Min -, max -.
Status: vulnerable

Jun 27, 2025

CVE, Research URL: CVE-2025-4334
Home page URL: Security reports for Simple User Registration
Application: Simple User Registration
Date: Jun 26, 2025
Research Description: The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.
Affected versions: Min -, max -.
Status: vulnerable