CVE-2025-39400 — Cross-site Scripting in User Registration Membership

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 62.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpeverest User Registration Membership Wpeverest User Registration

Timeline

PublishedApr 24

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through < 4.2.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDwpeverest/user_registration_membership< 4.2.0+1

▶CVEListV5wpeverest/user_registration4.2.0

🔴Vulnerability Details

CVEList

WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability↗2025-04-24

▶

GHSA

GHSA-f95c-548w-cjmj: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS↗2025-04-24

▶