Vulnerabilities and security researches forwp-registration wp-registration

Dec 11, 2025

CVE, Research URL: CVE-2025-12160
Home page URL: Security reports for Simple User Registration
Application: Simple User Registration
Date: Nov 21, 2025
Research Description: The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpr_admin_msg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 6.7.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2025-53428
Home page URL: Security reports for Simple User Registration
Application: Simple User Registration
Date: Oct 22, 2025
Research Description: Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation.This issue affects Simple User Registration: from n/a through <= 6.4.
Affected versions: max 6.4.
Status: vulnerable

Jun 27, 2025

CVE, Research URL: CVE-2025-4334
Home page URL: Security reports for Simple User Registration
Application: Simple User Registration
Date: Jun 26, 2025
Research Description: The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.
Affected versions: max 6.3.
Status: vulnerable

Dec 08, 2024

CVE, Research URL: CVE-2024-53810
Home page URL: Security reports for Simple User Registration
Application: Simple User Registration
Date: Dec 06, 2024
Research Description: Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5.
Affected versions: max 5.5.
Status: vulnerable

Oct 22, 2024

CVE, Research URL: CVE-2024-49604
Home page URL: Security reports for Simple User Registration
Application: Simple User Registration
Date: Oct 20, 2024
Research Description: Simple User Registration [wp-registration] <= 5.5 (unfixed) CVE-2024-49604 [en] Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5.
Affected versions: max 5.5.
Status: vulnerable