cleantalk
Vulnerabilities and Security Researches

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin, a3e39175d7e739be900c3f20b1e1c714c718873a

CVE, Research URL

a3e39175d7e739be900c3f20b1e1c714c718873a

Home page URL

Security reports for User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Application

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Published on
Jan 09, 2019
Research Description
User Registration &amp; Membership &#8211; Free &amp; Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration &amp; Login Builder [user-registration] < 1.5.6 User Registration <= 1.5.5 - Cross-Site Scripting The User Registration plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping via the 'edit-registration' parameter. This makes it possible for authenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 1.5.6.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
Advanced AJAX Product Filters (212b7bd37d1d6fe9fb4123bc201baf84cd4ef4c2) , Jun 16, 2026
WP Hide &amp; Security Enhancer (851bbb017a404d05a340abe049ca2259f4034f35) , Jun 16, 2026
WP Hide &amp; Security Enhancer (e2c0ed4e-653b-4fe6-bedc-e00d6b127e57) , Jun 16, 2026
WP Crowdfunding (79b4071f-8696-400e-aa0b-8e20eddf68bc) , Jun 16, 2026
WP Crowdfunding (3939be2aa6ea7622bafa361ab2eb698af0517408) , Jun 16, 2026