Wpeverest User Registration — known CVE vulnerabilities
Every CVE whose affected-product data names Wpeverest User Registration, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2023-3342 — CVSS 9.9 (critical): The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type…
CVE-2023-3343 — CVSS 8.8 (high): The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via…
CVE-2022-3912 — CVSS 7.5 (high): The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to…
CVE-2025-1511 — CVSS 6.1 (medium): The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to…
CVE-2023-23987 — CVSS 5.9 (medium): Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.
CVE-2021-24654 — CVSS 5.4 (medium): The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted…
CVE-2023-29429 — CVSS 5.3 (medium): Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security…
CVE-2023-5228 — CVSS 4.8 (medium): The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege…