Cross-Site Scripting Vulnerability in User Registration Plugin by WP Everest
CVE-2026-42652

7.1HIGH

Key Information:

Vendor: WordPress
Status: User Registration
Vendor: CVE Published:; 29 April 2026

What is CVE-2026-42652?

The User Registration plugin by WP Everest contains a vulnerability that allows for Cross-Site Scripting (XSS) attacks. This occurs due to improper neutralization of user inputs during web page generation. Specifically, an attacker can exploit this issue to inject malicious scripts that may execute in the context of the user's browser. Affected versions include all versions through 5.1.5, exposing user data to risk and compromising the integrity of web applications.

Affected Version(s)

User Registration 0 <= 5.1.5

References

https://patchstack.com/database/Wordpress/Plugin/user-reg...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

raihan adi arba | Patchstack Bug Bounty Program

CVE-2026-42652 Data

JSON