cleantalk
Vulnerabilities and Security Researches

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin, CVE-2026-42652

CVE, Research URL

CVE-2026-42652

Home page URL

Security reports for User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Application

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Published on
Apr 29, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.
Affected versions
max 5.1.6.
Status
vulnerable
Previous vulnerability researches
SERPed.net (CVE-2025-24669) , Jan 26, 2025
SERPed.net (CVE-2025-28998) , Jul 02, 2025
SERPed.net (CVE-2025-32651) , Apr 18, 2025
New vulnerability
User Registration &#8211; Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2026-42652) , Apr 30, 2026
WP Meteor Website Speed Optimization Addon (CVE-2026-2902) , Apr 30, 2026
Social Post Embed (CVE-2026-6809) , Apr 30, 2026
Timeline Blocks for Gutenberg (CVE-2026-6551) , Apr 29, 2026
WPC Smart Messages for WooCommerce (CVE-2026-6725) , Apr 29, 2026