{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14976", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-19T15:49:21.390Z", "datePublished": "2026-01-10T08:22:57.183Z", "dateUpdated": "2026-04-08T17:29:48.492Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:48.492Z"}, "affected": [{"vendor": "wpeverest", "product": "User Registration & Membership \u2013 Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.4.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The User Registration & Membership \u2013 Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce validation on the 'process_row_actions' function with the 'delete' action. This makes it possible for unauthenticated attackers to delete arbitrary post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5495b4c-a1ac-4860-83a7-686d9436d983?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/4.4.8/includes/abstracts/abstract-ur-list-table.php#L290"}, {"url": "https://plugins.trac.wordpress.org/changeset/3435099/user-registration"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "timeline": [{"time": "2025-12-19T16:05:16.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-09T20:16:56.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-12T13:07:37.249088Z", "id": "CVE-2025-14976", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T13:08:25.004Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14976", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-12T13:07:37.249088Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T13:08:18.344Z"}}], "cna": {"title": "User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}}], "affected": [{"vendor": "wpeverest", "product": "User Registration & Membership \u2013 Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.4.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-19T16:05:16.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-09T20:16:56.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5495b4c-a1ac-4860-83a7-686d9436d983?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/4.4.8/includes/abstracts/abstract-ur-list-table.php#L290"}, {"url": "https://plugins.trac.wordpress.org/changeset/3435099/user-registration"}], "descriptions": [{"lang": "en", "value": "The User Registration & Membership \u2013 Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce validation on the 'process_row_actions' function with the 'delete' action. This makes it possible for unauthenticated attackers to delete arbitrary post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:48.492Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14976", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:29:48.492Z", "dateReserved": "2025-12-19T15:49:21.390Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-10T08:22:57.183Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The User Registration & Membership \u2013 Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce validation on the 'process_row_actions' function with the 'delete' action. This makes it possible for unauthenticated attackers to delete arbitrary post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin User Registration &amp; Membership \u2013 Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction &amp; Membership Plugin para WordPress es vulnerable a falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta, e incluyendo, la 4.4.8. Esto se debe a validaci\u00f3n de nonce faltante o incorrecta en la funci\u00f3n 'process_row_actions' con la acci\u00f3n 'delete'. Esto hace posible que atacantes no autenticados eliminen publicaci\u00f3n arbitraria a trav\u00e9s de una petici\u00f3n falsificada siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-14976", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-10T09:15:48.863", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/4.4.8/includes/abstracts/abstract-ur-list-table.php#L290"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3435099/user-registration"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5495b4c-a1ac-4860-83a7-686d9436d983?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:09:35.989352+00:00", "value": {"mitigation_remediation": ["Upgrade the plugin to the most recent release that includes proper nonce validation for the delete action.", "If an upgrade cannot be performed immediately, disable the delete capability for unauthenticated users by removing the delete link from non\u2011admin pages or restricting the 'process_row_actions' hook to administrator roles only.", "Verify that all form or AJAX endpoints performing deletions are protected by a valid nonce, and add an additional nonce check where missing to guard against CSRF attacks."], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011Site Request Forgery allowing deletion of arbitrary WordPress posts"}, "threat_synthesis": {"affected_systems": "All WordPress sites running the User Registration & Membership plugin up to and including version 4.4.8 are affected. This includes installations with the free and paid membership features, subscription management, content restriction, user profile, and custom registration or login builder functionality provided by the wpeverest plugin.", "description_and_impact": "The User Registration & Membership plugin for WordPress is vulnerable to a CSRF flaw caused by missing or incorrect nonce validation in the 'process_row_actions' function for the 'delete' action. This flaw permits an attacker to create a forged request that, when executed by a site administrator, will delete any post the admin has permission to delete. The impact is a loss of content integrity and potential availability disruption if critical posts are removed. The weakness is categorized as CWE\u2011352, indicating an improper defensive measure against cross\u2011site request forgery.", "risk_and_exploitability": "The CVSS score of 5.4 places the vulnerability in the moderate severity range. The EPSS score of less than 1% suggests a low probability of exploitation in the near term, and the vulnerability is not listed on the CISA KEV catalog. Attackers would need to entice a site administrator to visit a crafted URL or click a malicious link in order to trigger the deletion. The known exploit path relies on CSRF; no additional privileges or code execution are required, making it a simple yet potentially damaging attack vector for sites that frequently publish valuable content."}}}}, "created": "2026-01-12T14:36:27.297702+00:00", "updated": "2026-04-20T21:15:20.633583+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpeverest", "wpeverest$PRODUCT$user_registration", "wpeverest$PRODUCT$user_registration_&_membership"]}