Reflected Cross-Site Scripting Vulnerability in User Registration & Membership Plugin for WordPress
CVE-2025-1511

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
User Registration & Membership – Custom Registration Form, Login Form, And User Profile
Vendor
CVE Published:
28 February 2025

What is CVE-2025-1511?

The User Registration & Membership plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to improper input validation and insufficient output encoding. This vulnerability can allow unauthenticated attackers to inject malicious web scripts into web pages. If a user unwittingly clicks on a specially crafted link, it can lead to harmful scripts being executed in their browser session. Site administrators using versions up to 4.0.4 should implement immediate security measures to mitigate this risk.

Affected Version(s)

User Registration & Membership – Custom Registration Form, Login Form, and User Profile * <= 4.0.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/user-registrat...
https://plugins.trac.wordpress.org/changeset/3246826/user...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
.