Medium 4.3
2026-05-05< 5.1.5
CVE-2026-3601
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
Minimum safe version
5.1.6
Update to 5.1.6 or later to address 38 fixable vulnerabilities
Latest available5.1.6 ✓
High 7.1
2026-04-29< 5.1.6
CVE-2026-42652
N/A
2025-09-05< 4.4.0
User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection
N/A
2026-02-25< 5.1.3
User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion
N/A
2026-02-25< 5.1.3
User Registration & Membership <= 5.1.2 - Authentication Bypass
N/A
2026-03-02< 5.1.3
User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration
Medium 6.1
2026-04-14< 5.1.5
CVE-2026-6203
N/A
2026-03-23< 5.1.5
User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation
Medium 6.5
2026-04-08< 5.1.3
User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[]
High 8.1
2026-03-25< 5.1.3
CVE-2026-32488
Medium 4.3
2026-01-22< 5.0
CVE-2026-24353
High 8.2
2026-01-22< 4.4.7
CVE-2025-67956
Medium 5.4
2026-01-10< 4.4.9
CVE-2025-14976
Medium 6.4
2025-12-15< 4.4.7
CVE-2025-13367
Medium 6.4
2025-07-22< 4.3.0
User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode
Medium 5.3
2025-05-06< 4.2.2
User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion
Medium 6.1
2025-04-24< 4.2.0
CVE-2025-39400
Medium 5.3
2025-04-12< 4.1.4
User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification
Medium 4.3
2025-04-12< 4.1.4
User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update
High 8.1
2025-04-01< 4.1.3
User Registration & Membership <= 4.1.2 - Authentication Bypass
Medium 4.8
2025-03-27< 4.0.4
CVE-2025-30899
High 8.1
2025-04-14< 4.1.2
User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation
Medium 6.1
2025-02-28< 4.1.0
WordPress User Registration Plugin <= 4.0.4 is vulnerable to Cross Site Scripting (XSS)
High 7.1
2024-06-03< 3.2.1
WordPress User Registration Plugin <= 3.2.0.1 is vulnerable to Broken Access Control
High 8.8
2024-05-02< 3.2.0
CVE-2024-2417
Medium 6.5
2024-05-02< 3.2.0
CVE-2024-3295
Medium 6.1
2024-03-07< 3.1.5
CVE-2024-1720
Medium 4.8
2023-11-07< 3.0.4.2
WordPress User Registration Plugin < 3.0.4.2 is vulnerable to Cross Site Scripting (XSS)
Critical 9.9
2023-07-13< 3.0.2.1
CVE-2023-3342
High 8.8
2023-07-13< 3.0.2
CVE-2023-3343
Medium 5.3
2024-12-09< 2.3.3
CVE-2023-29429
High 7.4
2024-03-26< 2.3.3
CVE-2023-27459
Medium 5.9
2023-04-06< 2.3.3
CVE-2023-23987
N/A
2019-01-09< 1.5.6
User Registration <= 1.5.5 - Cross-Site Scripting
High 7.5
2022-12-12< 2.2.4.1
CVE-2022-3912
N/A
< 1.5.6
User Registration <= 1.5.5 - Authenticated Cross-Site Scripting (XSS)
N/A
2019-01-14< 1.5.6
WordPress User Registration plugin <= 1.5.5 - Authenticated Cross-Site Scripting (XSS) vulnerability
Medium 5.4
2021-10-04< 2.0.2
CVE-2021-24654