CVE-2025-13367

Name of the Vulnerable Software and Affected Versions User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress versions through 4.4.6

Description The software contains a Stored Cross-Site Scripting issue resulting from inadequate input sanitization and output escaping. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page.

Recommendations Update to a version beyond 4.4.6.