CVE-2026-42652
published 2026-04-29CVE-2026-42652: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows…
PriorityP426high7.1CVSS 3.1
AVNACLPRNUIRSCCLILAL
EPSS
0.15%
4.5th percentile
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpeverest | user_registration | <= 5.1.5 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
wpeverest User Registration Plugin up to 5.1.5 on WordPress cross site scripting
vuldb·2026-04-29·CVSS 7.1
CVE-2026-42652 [HIGH] wpeverest User Registration Plugin up to 5.1.5 on WordPress cross site scripting
A vulnerability identified as problematic has been detected in wpeverest User Registration Plugin up to 5.1.5 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is documented as CVE-2026-42652. The attack can be initiated remotely. There is not any exploit available.
GHSA
GHSA-jjqr-xv77-q8mr: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration al
ghsa_unreviewed·2026-04-29
CVE-2026-42652 [HIGH] CWE-79 GHSA-jjqr-xv77-q8mr: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration al
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-29
Published