cleantalk
Vulnerabilities and Security Researches

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress, CVE-2026-25015

CVE, Research URL

CVE-2026-25015

Home page URL

Security reports for UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress

Application

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress

Published on
Feb 03, 2026
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.53.
Affected versions
max 1.2.53.
Status
vulnerable
Previous vulnerability researches
Simple GDPR Cookie Compliance (CVE-2026-24604) , Jan 27, 2026
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
New vulnerability
Email Marketing, Email Automation &amp; Newsletter for WordPress &amp; WooCommerce – Mail Mint (CVE-2026-23541) , Feb 27, 2026
weMail &#8211; Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin (CVE-2025-14339) , Feb 27, 2026
Zita Elementor Site Library (CVE-2026-25319) , Feb 27, 2026
Easy Form Builder (CVE-2025-14067) , Feb 27, 2026
Ultimate Gift Cards for WooCommerce &#8211; Create, Redeem &amp; Manage Digital Gift Certificates with Personalized Templates (CVE-2026-24375) , Feb 27, 2026