cleantalk
Vulnerabilities and Security Researches

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin, CVE-2025-14976

CVE, Research URL

CVE-2025-14976

Home page URL

Security reports for User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Application

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Published on
Jan 10, 2026
Research Description
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce validation on the 'process_row_actions' function with the 'delete' action. This makes it possible for unauthenticated attackers to delete arbitrary post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 4.4.9.
Status
vulnerable
Previous vulnerability researches
Interactive Medical Drawing of Human Body (CVE-2025-9332) , Oct 11, 2025
Interactive Medical Drawing of Human Body (CVE-2023-53593) , Jun 13, 2026
Interactive Medical Drawing of Human Body (CVE-2022-0388) , Jun 10, 2024
New vulnerability
Dashboard Welcome for Elementor (CVE-2022-47150) , Jun 14, 2026
Royal Elementor Addons and Templates (CVE-2026-5162) , Jun 14, 2026
Royal Elementor Addons and Templates (CVE-2025-39361) , Jun 14, 2026
Royal Elementor Addons and Templates (CVE-2023-33999) , Jun 14, 2026
Appointment Booking Calendar (CVE-2025-46241) , Jun 14, 2026