cleantalk
Vulnerabilities and Security Researches

Simple User Registration, CVE-2026-0844

CVE, Research URL

CVE-2026-0844

Home page URL

Security reports for Simple User Registration

Application

Simple User Registration

Published on
Jan 28, 2026
Research Description
The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
Affected versions
max 6.8.
Status
vulnerable
Previous vulnerability researches
Sell Photo (2ce065d802b631a3fa4492d5366f0ffc4e0ee37b) , Apr 19, 2026
Lunar – Sell photos online (CVE-2025-28936) , Mar 13, 2025
New vulnerability
WooMS (CVE-2025-57957) , Apr 20, 2026
Simple User Registration (CVE-2026-0844) , Apr 20, 2026
Kubio AI Page Builder (CVE-2026-5427) , Apr 20, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-3330) , Apr 20, 2026
Sell Photo (2ce065d802b631a3fa4492d5366f0ffc4e0ee37b) , Apr 19, 2026