cleantalk
Vulnerabilities and Security Researches

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin, a3e39175d7e739be900c3f20b1e1c714c718873a

CVE, Research URL

a3e39175d7e739be900c3f20b1e1c714c718873a

Home page URL

Security reports for User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Application

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

Published on
Jan 09, 2019
Research Description
User Registration &amp; Membership &#8211; Free &amp; Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration &amp; Login Builder [user-registration] < 1.5.6 User Registration <= 1.5.5 - Cross-Site Scripting The User Registration plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping via the 'edit-registration' parameter. This makes it possible for authenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 1.5.6.
Status
vulnerable
Previous vulnerability researches
Wishlist and Compare for WooCommerce (ad09a648-3c34-4870-b156-097af4fd7a57) , Jun 16, 2026
Wishlist and Compare for WooCommerce (d16ff76f2758ae5cd2524881fb65080698c295c3) , Jun 07, 2024
New vulnerability
WP Crowdfunding (3939be2aa6ea7622bafa361ab2eb698af0517408) , Jun 16, 2026
WP-Cron Status Checker (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WP-Cron Status Checker (315d63796cd790e0caac845c2ab3d3c01db5196e) , Jun 16, 2026
Open Graph and Twitter Card Tags (d2a6c41972461397c4b4fbb3e37ca688b3cdcef4) , Jun 16, 2026
Open Graph and Twitter Card Tags (94d86780b701970829bbefba21941f3d698e59be) , Jun 16, 2026