User Registration
wpeverest
Developer
4.4.8
Latest version
60,000
Installations
No date
Last updated
Vulnerability history
0 present
22 fixed
11 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability<= 4.4.6Dec 15, 2025
- Authenticated (Admin+) SQL Injection vulnerability<= 4.3.0Sep 5, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode vulnerability<= 4.2.4Jul 21, 2025
- Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability<= 4.2.1May 5, 2025
- Reflected Cross Site Scripting (XSS) vulnerability< 4.2.0Apr 22, 2025
- Insecure Direct Object Reference to Unauthenticated Membership Modification vulnerability<= 4.1.3Apr 11, 2025
- Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update vulnerability<= 4.1.3Apr 11, 2025
- Authentication Bypass vulnerability< 4.1.3Apr 1, 2025
- Cross Site Scripting (XSS) vulnerability<= 4.0.3Mar 27, 2025
- Unauthenticated Privilege Escalation vulnerability< 4.1.2Mar 25, 2025
- Reflected Cross-Site Scripting vulnerability<= 4.0.4Feb 28, 2025
- Missing Authorization to Privilege Escalation vulnerability<= 3.2.0.1Jun 3, 2024
- Authenticated (Subscriber+) Privilege Escalation vulnerability<= 3.1.5Apr 19, 2024
- Missing Authorization to Unauthenticated Media Deletion vulnerability<= 3.1.5Apr 16, 2024
- Unauthenticated Stored Self-Based Cross-Site Scripting vulnerability<= 3.1.4Mar 7, 2024
- Admin+ Stored XSS vulnerability< 3.0.4.2Nov 7, 2023
- Authenticated Arbitrary File Upload vulnerability<= 3.0.2Jul 4, 2023
- Broken Access Control vulnerability<= 2.3.2.1Apr 6, 2023
- Authenticated PHP Object Injection vulnerability<= 2.3.2.1Mar 21, 2023
- Cross Site Scripting (XSS)<= 2.3.0Jan 20, 2023
- Stored Cross-Site Scripting (XSS) vulnerability<= 2.0.1Sep 6, 2021
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.5.5Jan 14, 2019