Reflected Cross-Site Scripting Vulnerability in User Registration & Membership Plugin for WordPress
CVE-2025-1511
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 28 February 2025
What is CVE-2025-1511?
The User Registration & Membership plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to improper input validation and insufficient output encoding. This vulnerability can allow unauthenticated attackers to inject malicious web scripts into web pages. If a user unwittingly clicks on a specially crafted link, it can lead to harmful scripts being executed in their browser session. Site administrators using versions up to 4.0.4 should implement immediate security measures to mitigate this risk.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
User Registration & Membership β Custom Registration Form, Login Form, and User Profile * <= 4.0.4
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved