Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for simple_user_registration by najeebmedia

    CVE-2025-4334 (GCVE-0-2025-4334)

    Vulnerability from nvd – Published: 2025-06-26 02:06 – Updated: 2026-04-08 17:20
    VLAI
    Title
    Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
    Summary
    The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    nmedia Simple User Registration Affected: 0 , ≤ 6.3 (semver)
    Create a notification for this product.
    Credits
    Cheng Liu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4334",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T14:41:10.397745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T14:51:55.539Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Simple User Registration",
              "vendor": "nmedia",
              "versions": [
                {
                  "lessThanOrEqual": "6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cheng Liu"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:20:02.002Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c211e0c0-3086-43d2-853c-489f9c42b0ab?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/wp-registration/trunk/inc/classes/class.register.php#L135"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3327946/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-25T13:47:19.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Simple User Registration \u003c= 6.3 - Unauthenticated Privilege Escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-4334",
        "datePublished": "2025-06-26T02:06:34.765Z",
        "dateReserved": "2025-05-05T15:26:58.510Z",
        "dateUpdated": "2026-04-08T17:20:02.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-49604 (GCVE-0-2024-49604)

    Vulnerability from nvd – Published: 2024-10-20 07:56 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress Simple User Registration plugin <= 6.7 - Broken Authentication vulnerability
    Summary
    Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through <= 6.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    References
    Impacted products
    Vendor Product Version
    N-Media Simple User Registration Affected: 0 , ≤ 6.7 (custom)
    Create a notification for this product.
    najeeb_ahmad simple_user_registration Affected: 0 , ≤ 5.5 (custom)
        cpe:2.3:a:najeeb_ahmad:simple_user_registration:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-04-01 16:28
    Credits
    stealthcopter | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:najeeb_ahmad:simple_user_registration:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simple_user_registration",
                "vendor": "najeeb_ahmad",
                "versions": [
                  {
                    "lessThanOrEqual": "5.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T16:10:36.387594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T16:11:38.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wp-registration",
              "product": "Simple User Registration",
              "vendor": "N-Media",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "stealthcopter | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:28:16.563Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.\u003cp\u003eThis issue affects Simple User Registration: from n/a through \u003c= 6.7.\u003c/p\u003e"
                }
              ],
              "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through \u003c= 6.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:25.561Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wp-registration/vulnerability/wordpress-simple-user-registration-plugin-5-5-account-takeover-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Simple User Registration plugin \u003c= 6.7 - Broken Authentication vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-49604",
        "datePublished": "2024-10-20T07:56:32.685Z",
        "dateReserved": "2024-10-17T09:51:09.446Z",
        "dateUpdated": "2026-04-28T16:10:25.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4334 (GCVE-0-2025-4334)

    Vulnerability from cvelistv5 – Published: 2025-06-26 02:06 – Updated: 2026-04-08 17:20
    VLAI
    Title
    Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
    Summary
    The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    nmedia Simple User Registration Affected: 0 , ≤ 6.3 (semver)
    Create a notification for this product.
    Credits
    Cheng Liu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4334",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T14:41:10.397745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T14:51:55.539Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Simple User Registration",
              "vendor": "nmedia",
              "versions": [
                {
                  "lessThanOrEqual": "6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cheng Liu"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:20:02.002Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c211e0c0-3086-43d2-853c-489f9c42b0ab?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/wp-registration/trunk/inc/classes/class.register.php#L135"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3327946/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-25T13:47:19.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Simple User Registration \u003c= 6.3 - Unauthenticated Privilege Escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-4334",
        "datePublished": "2025-06-26T02:06:34.765Z",
        "dateReserved": "2025-05-05T15:26:58.510Z",
        "dateUpdated": "2026-04-08T17:20:02.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-49604 (GCVE-0-2024-49604)

    Vulnerability from cvelistv5 – Published: 2024-10-20 07:56 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress Simple User Registration plugin <= 6.7 - Broken Authentication vulnerability
    Summary
    Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through <= 6.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    References
    Impacted products
    Vendor Product Version
    N-Media Simple User Registration Affected: 0 , ≤ 6.7 (custom)
    Create a notification for this product.
    najeeb_ahmad simple_user_registration Affected: 0 , ≤ 5.5 (custom)
        cpe:2.3:a:najeeb_ahmad:simple_user_registration:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-04-01 16:28
    Credits
    stealthcopter | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:najeeb_ahmad:simple_user_registration:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "simple_user_registration",
                "vendor": "najeeb_ahmad",
                "versions": [
                  {
                    "lessThanOrEqual": "5.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T16:10:36.387594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T16:11:38.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wp-registration",
              "product": "Simple User Registration",
              "vendor": "N-Media",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "stealthcopter | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:28:16.563Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.\u003cp\u003eThis issue affects Simple User Registration: from n/a through \u003c= 6.7.\u003c/p\u003e"
                }
              ],
              "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through \u003c= 6.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:25.561Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wp-registration/vulnerability/wordpress-simple-user-registration-plugin-5-5-account-takeover-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Simple User Registration plugin \u003c= 6.7 - Broken Authentication vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-49604",
        "datePublished": "2024-10-20T07:56:32.685Z",
        "dateReserved": "2024-10-17T09:51:09.446Z",
        "dateUpdated": "2026-04-28T16:10:25.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }