CVE-2025-6831
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to, and including, 4.2.4, due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages; the scripts execute whenever a user accesses an injected page.
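As an added example (not part of the advisory or the plugin's code), this Python sketch audits exported post content for `urcr_restrict` shortcodes whose attribute values carry markup, which is what the missing sanitization and escaping would let through on versions up to 4.2.4. The post records, the `access_role` and `example_attr` attribute names and the pattern list are assumptions constructed for illustration.

```python
import re
from html import unescape

# Opening [urcr_restrict ...] tag; group 1 is the raw attribute string.
SHORTCODE_RE = re.compile(r"\[urcr_restrict\b([^\]]*)\]", re.IGNORECASE)
# name="value", name='value' or name=bare
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")
# Heuristic only: markup characters, inline event handlers, javascript: URLs.
SUSPICIOUS_RE = re.compile(r"""[<>"]|\bon\w+\s*=|javascript\s*:""", re.IGNORECASE)

def parse_attrs(raw):
    """Parse a shortcode attribute string into {name: value}."""
    attrs = {}
    for m in ATTR_RE.finditer(raw):
        value = next(g for g in m.groups()[1:] if g is not None)
        attrs[m.group(1).lower()] = value
    return attrs

def is_suspicious(value):
    """True if the entity-decoded value contains markup-significant content."""
    return bool(SUSPICIOUS_RE.search(unescape(value)))

def audit_posts(posts):
    """Return (post_id, author_role, attr_name, decoded_value) per flagged attribute."""
    findings = []
    for post in posts:
        for sc in SHORTCODE_RE.finditer(post["content"]):
            for name, value in parse_attrs(sc.group(1)).items():
                if is_suspicious(value):
                    findings.append(
                        (post["id"], post["author_role"], name, unescape(value)))
    return findings

# Constructed sample rows, shaped like an export of wp_posts joined to author role.
# Attribute names are hypothetical; the markup is deliberately inert.
SAMPLE_POSTS = [
    {"id": 101, "author_role": "editor",
     "content": '[urcr_restrict access_role="subscriber"]Members only[/urcr_restrict]'},
    {"id": 102, "author_role": "contributor",
     "content": '[urcr_restrict example_attr="&lt;b&gt;marker&lt;/b&gt;"]x[/urcr_restrict]'},
    {"id": 103, "author_role": "author",
     "content": "Intro [urcr_restrict example_attr='<em>marker</em>']y[/urcr_restrict]"},
    {"id": 104, "author_role": "contributor", "content": "No shortcode here."},
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print(finding)
```

Flagged posts are candidates for manual review; the heuristic does not prove that a value was rendered unescaped.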
<p>Build membership sites with tiered plans, content restriction, drag-&-drop custom registration & login form builder, and built-in payment system.</p>
<h3>The Complete Membership Solution for WordPress</h3>
<p>Tired of juggling separate plugins for membership plans, user management, payment gateways, and user profile?</p>
<p>User Registration & Membership (URM) helps you monetize your site by creating membership plans and accepting payments for gated content.</p>
<ul>
<li>
<p>Membership: Build membership plans, set up billing, and manage user access in a single connected flow.</p>
</li>
<li>
<p>Custom User Registration Forms: Design custom registration forms for your users with the drag-and-drop form builder.</p>
</li>
<li>
<p>Payment Integration: Monetize your membership site with one-time fee, recurring subscription, and upgrade paths. Accept subscription payments through Stripe, PayPal, and bank transfer.</p>
</li>
<li>
<p>Content Restriction: Restrict the complete site, or individual pages and posts, by membership subscription.</p>
</li>
</ul>
<p><a href="https://wpuserregistration.com/?utm_source=wporg&utm_medium=readme&utm_campaign=urm-free" rel="nofollow ugc">Get Started Today</a></p>
<p><a href="https://userregistration.demoswp.net/?utm_source=wporg&utm_medium=readme&utm_campaign=try-demo" rel="nofollow ugc">Try Our Demo</a></p>
<h3>Complete Membership Solution</h3>
<ul>
<li>
<p><strong>Membership Groups and Plans</strong>: Create membership tiers with different access levels and benefits. Combine related plans into membership groups for organized front-end listing.</p>
</li>
<li>
<p><strong>Pre-Installed Membership Pages</strong>: Launch your membership site in minutes instead of hours with professional pages ready to use or customize: Registration, Login, My Account, Lost Password, Reset Password, Pricing, and Thank You pages.</p>
</li>
<li>
<p><strong>Content Restriction</strong>: Set restrictions globally, per page/post, or for specific content blocks within pages. Build complex access rules using membership plans, user roles, registration and login status.</p>
</li>
<li>
<p><strong>Membership Upgrade Path</strong>: Define clear upgrade paths between membership tiers and let users switch seamlessly without interrupting their access or membership status.</p>
</li>
<li>
<p><strong>Masteriyo Course Integration</strong>: Sell courses through memberships using our Masteriyo LMS integration.</p>
</li>
<li>
<p><strong>10+ Membership Gutenberg Blocks</strong>: Create custom membership pages using our custom blocks: registration, my account, membership pricing, buy now block etc.</p>
</li>
<li>
<p><strong>Membership Analytics</strong>: Quickly glance over total registrations, approved users, and pending requests with a dedicated analytics dashboard.</p>
</li>
</ul>
<p><strong>Custom User Registration</strong></p>
<ul>
<li>
<p><strong>Registration Form Builder</strong>: Build custom WordPress registration forms. Drag fields onto the canvas, arrange them visually, and configure settings with simple clicks.</p>
</li>
<li>
<p><strong>Login Form</strong>: Start with a pre-built login form and customize it to your needs. Choose form styles, configure login methods, add CAPTCHA, and set login/logout redirects.</p>
</li>
<li>
<p><strong>Live Form Preview</strong>: Preview registration and login forms in real-time to ensure everything looks and functions properly.</p>
</li>
<li>
<p><strong>Pre-built Form Templates</strong>: Save hours of setup time with professionally designed registration form templates. Use them as-is or customize fields and styling to match your specific needs.</p>
</li>
<li>
<p><strong>Ajax Form Submission</strong>: Say goodbye to slow form submissions that reload the entire page. Users get instant confirmation or error messages.</p>
</li>
<li>
<p><strong>User Role Assignment</strong>: Assign WordPress user roles (Administrator, Editor, Author, Contributor, Subscriber) to members during registration.</p>
</li>
<li>
<p><strong>Flexible Approval Method</strong>: Choose from auto-approval, email verification, and manual admin approval of new registrations for quality control.</p>
</li>
</ul>
<p><strong>Payment and Monetization</strong></p>
<ul>
<li>
<p><strong>Multiple Revenue Modules</strong>: Offer fixed-term memberships, recurring subscription or lifetime access.</p>
</li>
<li>
<p><strong>Trusted Payment Gateways</strong>: Accept secure payment with trusted global payment gateways even in the free version:</p>
<ul>
<li><strong>PayPal</strong></li>
<li><strong>Stripe</strong></li>
<li><strong>Bank Transfer</strong></li>
</ul>
</li>
<li>
<p><strong>Payment History</strong>: Comprehensive transaction tracking with payment status, date, gateway, and more. The complete history is accessible to admins and members.</p>
</li>
</ul>
<h3>User Registration & Membership PRO Features</h3>
<p><strong>Membership and User Management</strong></p>
<ul>
<li>Membership plans with tiered access control</li>
<li>Admin approval for new registrations</li>
<li>Searchable member directory with search filters</li>
<li>Role-based redirection after login</li>
<li>Profile completeness indicator</li>
<li>Advanced content restriction with complex rules</li>
<li>User journey tracking</li>
<li>Payment history tracking</li>
<li>Social Connect (Facebook, Google, Twitter, LinkedIn login)</li>
<li>Profile Connect (sync with other plugins)</li>
<li>Block simultaneous logins</li>
</ul>
<p><strong>Advanced Content Restriction</strong></p>
<ul>
<li>Content drop for membership content</li>
<li>URL-based restriction</li>
<li>File download protection</li>
<li>Conditional Content Restriction using AND, OR, and NOT logic.</li>
</ul>
<p><strong>Registration Form Fields & Functionality</strong></p>
<ul>
<li>60+ form fields</li>
<li>Conditional logic (show/hide fields based on user input)</li>
<li>Multi-step forms with progress indicators</li>
<li>Conversational forms (chat-like layout)</li>
<li>Field visibility control</li>
<li>Form restriction by custom rules</li>
<li>Popup forms (modal display)</li>
<li>Calculations</li>
<li>Signature field</li>
<li>Invite codes</li>
<li>Repeater field (multiple entries per field group)</li>
<li>Save and Continue (save partial progress)</li>
</ul>
<p><strong>Monetization and Payment Processing</strong></p>
<ul>
<li>Trial Period</li>
<li>Multiple memberships per user</li>
<li>Sell memberships to team</li>
<li>Authorize.net</li>
<li>Mollie integration</li>
<li>Registration coupons and discounts</li>
<li>Payment history dashboard</li>
<li>Membership plan upgrades with pro-rated billing</li>
<li>Discount coupon and codes</li>
<li>Tax and EU VAT</li>
<li>Sell in local currency</li>
<li>Invoice generation</li>
</ul>
<p><strong>Security & Spam Protection</strong></p>
<ul>
<li>Email verification</li>
<li>Google reCAPTCHA (V2, V3)</li>
<li>hCaptcha</li>
<li>Cloudflare Turnstile</li>
<li>Akismet</li>
<li>Honeypot spam protection</li>
<li>SMS verification via Twilio</li>
<li>Two-factor authentication (2FA)</li>
<li>Auto-generated passwords</li>
<li>Passwordless login</li>
<li>Custom CAPTCHA field (math/Q&A)</li>
<li>Whitelisted domains</li>
</ul>
<p><strong>Design & Customization</strong></p>
<ul>
<li>Email customizer</li>
<li>Customize My Account page</li>
<li>Style Customizer (visual form designer)</li>
<li>Email Templates</li>
<li>Advanced styling options for forms</li>
</ul>
<p><strong>Analytics & Tracking</strong></p>
<ul>
<li>Advanced analytics dashboard</li>
<li>User journey tracking</li>
<li>Advanced user/form analytics</li>
<li>Dashboard with views, submissions, conversions</li>
</ul>
<p><strong>Advanced Features</strong></p>
<ul>
<li>PDF form submission (auto-generate PDFs)</li>
<li>Frontend post submission</li>
<li>Bulk user import (CSV)</li>
<li>Invite codes for registration</li>
<li>Geolocation data collection</li>
<li>Private admin notes</li>
<li>Form access by user role</li>
<li>Cloud storage (Google Drive, Dropbox)</li>
</ul>
<p><strong>Marketing and CRM Integrations</strong></p>
<ul>
<li>Custom Email Notifications</li>
<li>Mailchimp</li>
<li>MailerLite</li>
<li>MailPoet</li>
<li>ActiveCampaign</li>
<li>Klaviyo</li>
<li>Brevo (formerly Sendinblue)</li>
<li>Kit (formerly ConvertKit)</li>
<li>Salesforce</li>
<li>Zapier (5,000+ apps)</li>
<li>Google Sheets</li>
<li>Webhooks</li>
</ul>
<p><a href="https://wpuserregistration.com/pricing/?utm_source=wporg&utm_medium=readme&utm_campaign=pro_features&utm_content=get_pro" rel="nofollow ugc">Get User Registration & Membership Pro</a></p>
<h3>Know your way around user registration with our tutorials</h3>
<ul>
<li><a href="https://wpuserregistration.com/blog/how-to-create-a-membership-website-in-wordpress/?utm_source=wporg&utm_medium=readme&utm_campaign=tutorials" rel="nofollow ugc">How to Create a Membership Website in WordPress for Free (with Content Restriction)</a></li>
<li><a href="https://wpuserregistration.com/blog/create-user-profile-page-in-wordpress/?utm_source=wporg&utm_medium=readme&utm_campaign=tutorials" rel="nofollow ugc">How to Create a Custom User Profile Page in WordPress?</a></li>
<li><a href="https://wpuserregistration.com/blog/create-user-registration-form-in-wordpress/?utm_source=wporg&utm_medium=readme&utm_campaign=tutorials" rel="nofollow ugc">How to Create User Registration Form in WordPress Easily?</a></li>
<li><a href="https://wpuserregistration.com/blog/register-users-with-invitation-code/?utm_source=wporg&utm_medium=readme&utm_campaign=tutorials" rel="nofollow ugc">How to Register Users with an Invitation Code in WordPress?</a></li>
<li><a href="https://wpuserregistration.com/blog/default-wordpress-login-page-url-change/?utm_source=wporg&utm_medium=readme&utm_campaign=tutorials" rel="nofollow ugc">How to Change Default WordPress Login URL to Custom URL?</a></li>
</ul>
<p>Get in Touch with us: <a href="https://www.facebook.com/groups/userregistration" rel="nofollow ugc">Official Community</a> | <a href="https://twitter.com/user_register" rel="nofollow ugc">Twitter</a></p>
<h3>Important: Version 5.0 and above is a major update with significant improvements</h3>
<p>We strongly recommend backing up your site before updating. This update includes architectural changes that make your membership management more powerful and easier to use.<br />
Read the full blog post to see what's new: <a href="https://wpuserregistration.com/blog/user-registration-membership-pro-6/" rel="nofollow ugc">User Registration & Membership v5.0</a></p>