User Registration < 4.4.7 – Missing Authorization | CVE 2025-67956 | Plugin Vulnerabilities

Description

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.4.6. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

user-registration

Fixed in 4.4.7

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/6193139b-52bf-425c-b1d3-c6fbd9185f06

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Mdr

Verified

No

WPVDB ID

dc8b7096-e900-421b-8724-0bd580e37e62

Timeline

Publicly Published

2026-01-21 (about 3 months ago)

Added

2026-01-28 (about 3 months ago)

Last Updated

2026-01-28 (about 3 months ago)

Other

Published

Title

Published

2026-04-07

Title

Timetics – Appointment Booking & Scheduling < 1.0.54 - Missing Authorization

Published

2022-08-12

Title

59sec LITE <= 3.4.1 - Unauthenticated Settings Update

Published

2025-11-14

Title

Woffice Core < 5.4.31 - Missing Authorization

Published

2023-11-28

Title

Razorpay for WooCommerce < 4.5.7 - Subscriber+ Transfers Manipulation

Published

2024-10-24

Title

Greenshift – animation and page builder blocks <=9.7 - Missing Authorization