cleantalk
Vulnerabilities and Security Researches

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin, CVE-2026-42652

CVE, Research URL

CVE-2026-42652

Home page URL

Security reports for User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Application

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Published on
Apr 29, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.
Affected versions
max 5.1.6.
Status
vulnerable
Previous vulnerability researches
Product Rearrange for WooCommerce (CVE-2026-31920) , Mar 31, 2026
Product Rearrange for WooCommerce (CVE-2026-31921) , Mar 31, 2026
New vulnerability
GiveWP &#8211; Donation Plugin and Fundraising Platform (CVE-2026-42642) , May 01, 2026
Spectra &#8211; WordPress Gutenberg Blocks (CVE-2026-42648) , May 01, 2026
User Registration &#8211; Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2026-42652) , Apr 30, 2026
WP Meteor Website Speed Optimization Addon (CVE-2026-2902) , Apr 30, 2026
Social Post Embed (CVE-2026-6809) , Apr 30, 2026