CVE-2025-6831: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpeverest User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-6831 is a medium-severity stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin 'User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin' developed by wpeverest. This vulnerability exists in all versions up to and including 4.2.4. The root cause is improper neutralization of user-supplied input during web page generation, specifically within the plugin's 'urcr_restrict' shortcode. Authenticated users with contributor-level privileges or higher can exploit this flaw by injecting malicious scripts into pages via insufficient input sanitization and output escaping of shortcode attributes. When other users access these compromised pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the context of the affected website. The vulnerability requires no user interaction beyond visiting the injected page and does not require higher privileges than contributor, making it a significant risk in environments where multiple users have content creation rights. The CVSS 3.1 base score is 6.4, reflecting network attack vector, low attack complexity, privileges required at the contributor level, no user interaction, and a scope change due to impact on other users. Confidentiality and integrity are impacted, but availability is not affected. No known exploits are currently reported in the wild, and no official patches have been linked yet, indicating that mitigation may rely on plugin updates or manual code fixes.
Potential Impact
For European organizations using WordPress sites with this plugin installed, the vulnerability poses a risk of persistent XSS attacks that can compromise user accounts, steal sensitive session cookies, or manipulate site content. This can lead to data breaches, defacement, or unauthorized actions performed under legitimate user sessions. Organizations handling personal data under GDPR may face compliance risks if such attacks lead to unauthorized data access or disclosure. The vulnerability is particularly concerning for multi-user environments such as membership sites, community portals, or intranets where contributors have content publishing rights. Exploitation could undermine trust in the website, cause reputational damage, and potentially lead to financial losses or regulatory penalties. Since the attack vector is remote and requires only contributor-level access, insider threats or compromised contributor accounts could be leveraged to launch attacks. The lack of user interaction requirement increases the risk of automated exploitation once a malicious script is injected.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations for the presence of the affected wpeverest User Registration plugin versions. Until an official patch is released, administrators should consider the following mitigations: 1) Restrict contributor-level permissions to trusted users only, minimizing the risk of malicious script injection. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns related to the 'urcr_restrict' shortcode attributes. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected pages. 4) Regularly monitor site content and logs for unusual script injections or modifications. 5) If feasible, temporarily disable or replace the vulnerable plugin with alternative solutions that provide similar functionality but are not vulnerable. 6) Prepare for prompt application of official patches once available and test updates in staging environments before production deployment. 7) Educate content contributors about the risks of injecting untrusted code and enforce secure content creation policies.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
CVE-2025-6831: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpeverest User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
Description
The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI-Powered Analysis
Technical Analysis
CVE-2025-6831 is a medium-severity stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin 'User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin' developed by wpeverest. This vulnerability exists in all versions up to and including 4.2.4. The root cause is improper neutralization of user-supplied input during web page generation, specifically within the plugin's 'urcr_restrict' shortcode. Authenticated users with contributor-level privileges or higher can exploit this flaw by injecting malicious scripts into pages via insufficient input sanitization and output escaping of shortcode attributes. When other users access these compromised pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the context of the affected website. The vulnerability requires no user interaction beyond visiting the injected page and does not require higher privileges than contributor, making it a significant risk in environments where multiple users have content creation rights. The CVSS 3.1 base score is 6.4, reflecting network attack vector, low attack complexity, privileges required at the contributor level, no user interaction, and a scope change due to impact on other users. Confidentiality and integrity are impacted, but availability is not affected. No known exploits are currently reported in the wild, and no official patches have been linked yet, indicating that mitigation may rely on plugin updates or manual code fixes.
Potential Impact
For European organizations using WordPress sites with this plugin installed, the vulnerability poses a risk of persistent XSS attacks that can compromise user accounts, steal sensitive session cookies, or manipulate site content. This can lead to data breaches, defacement, or unauthorized actions performed under legitimate user sessions. Organizations handling personal data under GDPR may face compliance risks if such attacks lead to unauthorized data access or disclosure. The vulnerability is particularly concerning for multi-user environments such as membership sites, community portals, or intranets where contributors have content publishing rights. Exploitation could undermine trust in the website, cause reputational damage, and potentially lead to financial losses or regulatory penalties. Since the attack vector is remote and requires only contributor-level access, insider threats or compromised contributor accounts could be leveraged to launch attacks. The lack of user interaction requirement increases the risk of automated exploitation once a malicious script is injected.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations for the presence of the affected wpeverest User Registration plugin versions. Until an official patch is released, administrators should consider the following mitigations: 1) Restrict contributor-level permissions to trusted users only, minimizing the risk of malicious script injection. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns related to the 'urcr_restrict' shortcode attributes. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected pages. 4) Regularly monitor site content and logs for unusual script injections or modifications. 5) If feasible, temporarily disable or replace the vulnerable plugin with alternative solutions that provide similar functionality but are not vulnerable. 6) Prepare for prompt application of official patches once available and test updates in staging environments before production deployment. 7) Educate content contributors about the risks of injecting untrusted code and enforce secure content creation policies.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-06-27T17:44:43.917Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 687ef0e1a83201eaac16c9d2
Added to database: 7/22/2025, 2:01:05 AM
Last enriched: 7/22/2025, 2:16:22 AM
Last updated: 8/14/2025, 11:52:10 AM
Views: 30
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.