CVE-2025-30899 — Cross-site Scripting in User Registration Membership

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 63.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpeverest User Registration Membership Wpeverest User Registration

Timeline

PublishedMar 27

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registration: from n/a through <= 4.0.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDwpeverest/user_registration_membership< 4.0.4+1

▶CVEListV5wpeverest/user_registration4.0.3

🔴Vulnerability Details

CVEList

WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability↗2025-03-27

▶

GHSA

GHSA-m9v4-8vpr-cf66: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS↗2025-03-27

▶