Does Custom User Registration Lite have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom User Registration Lite have been patched as of the latest data update. Always keep the plugin updated to the latest version.

How often is Custom User Registration Lite updated?

Custom User Registration Lite was last updated on Nov 1, 2011. Frequent updates are generally a positive security signal.

What is Custom User Registration Lite's security score?

Custom User Registration Lite has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom User Registration Lite Security & Risk Analysis

wordpress.org/plugins/custom-user-registration-lite

Provides login widget to allow users to register and login, all without leaving your website!

10 active installs v1.0.2 PHP + WP 3.1+ Updated Nov 1, 2011

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Custom User Registration Lite Safe to Use in 2026?

Generally Safe

Score 85/100

Custom User Registration Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The security posture of "custom-user-registration-lite" v1.0.2 appears to have some strengths in terms of attack surface and SQL query handling. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential entry points for malicious actors. Furthermore, the plugin exclusively uses prepared statements for its SQL queries, which is a strong practice against SQL injection vulnerabilities. However, a major concern arises from the static analysis indicating that 100% of output is not properly escaped. This presents a significant risk for cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website through the plugin's output.

The taint analysis revealed two flows with unsanitized paths, which, although not classified as critical or high severity in this report, warrant attention. Unsanitized paths can be precursors to more severe vulnerabilities if not handled correctly. The plugin's vulnerability history is clean, with no known CVEs, which is positive. This suggests that, thus far, the plugin has not been identified as having major security flaws that have been publicly disclosed. Despite the clean history and limited attack surface, the pervasive lack of output escaping is a critical weakness that needs immediate addressing. The plugin's strengths in limiting entry points and secure SQL practices are overshadowed by the high risk of XSS due to unescaped output.

Key Concerns

100% of output not properly escaped
Flows with unsanitized paths detected

Vulnerabilities

None known

Custom User Registration Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Custom User Registration Lite Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped9 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

widget_title (userreg.class.php:247)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Custom User Registration Lite Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

filtershow_admin_barcustom-user-registration.php:28

actioninitcustom-user-registration.php:29

actionwidgets_initcustom-user-registration.php:30

filterthe_contentcustom-user-registration.php:31

Maintenance & Trust

Custom User Registration Lite Maintenance & Trust

Maintenance Signals

WordPress version tested

Last updatedNov 1, 2011

PHP min version

Downloads11K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Custom User Registration Lite Alternatives

No alternatives data available yet.

Developer Profile

Custom User Registration Lite Developer Profile

stesvis

4 plugins · 40 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Custom User Registration Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-user-registration-lite/style/easy.css/wp-content/plugins/custom-user-registration-lite/style/jquery-ui.css/wp-content/plugins/custom-user-registration-lite/style/default.css/wp-content/plugins/custom-user-registration-lite/js/easy.js/wp-content/plugins/custom-user-registration-lite/js/jquery-ui.js/wp-content/plugins/custom-user-registration-lite/js/default.js

Script Paths

/wp-content/plugins/custom-user-registration-lite/js/easy.js/wp-content/plugins/custom-user-registration-lite/js/jquery-ui.js/wp-content/plugins/custom-user-registration-lite/js/default.js

HTML / DOM Fingerprints

CSS Classes

merlic_userreg_css_easymerlic_userreg_css_jquery-uimerlic_userreg_css_defaultmerlic_userreg_js_easymerlic_userreg_js_uimerlic_userreg_js_default

HTML Comments

If i don't use this hack i get the following type of error(s)

Warning: Cannot modify header information - headers already sent by (output started at /home/cristian/public_html/_wordpress/wp-content/themes/idream/header.php:7) in /home/cristian/public_html/_wordpress/wp-includes/pluggable.php on line 717

Shortcode Output

<h2>User Registration</h2><h2>My Profile</h2>

FAQ