cleantalk
Vulnerabilities and Security Researches

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin, CVE-2026-42652

CVE, Research URL

CVE-2026-42652

Home page URL

Security reports for User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Application

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Published on
Apr 29, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.
Affected versions
max 5.1.6.
Status
vulnerable
Previous vulnerability researches
Monsters Editor for WP Super Edit (5837c8098d5a525f036e44b2f5c4e2aeda29a767) , Jun 07, 2024
New vulnerability
User Registration &#8211; Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2026-42652) , Apr 30, 2026
WP Meteor Website Speed Optimization Addon (CVE-2026-2902) , Apr 30, 2026
Social Post Embed (CVE-2026-6809) , Apr 30, 2026
Timeline Blocks for Gutenberg (CVE-2026-6551) , Apr 29, 2026
WPC Smart Messages for WooCommerce (CVE-2026-6725) , Apr 29, 2026