WP Register Profile With Shortcode Security & Risk Analysis

wordpress.org/plugins/wp-register-profile-with-shortcode

This is a simple registration form in the widget. Just install the plugin and add the register widget in the sidebar. That's it. :)

400 active installs · v3.6.3 · PHP + · WP 2.0.2+ · Updated Jul 8, 2025
Tags: profile, register, register-widget, responsive-user-registration, wp-register
71
B · Generally Safe
CVEs total: 4
Unpatched: 1
Last CVE: Jul 10, 2025
Safety Verdict

Is WP Register Profile With Shortcode Safe to Use in 2026?

Mostly Safe

Score 71/100

WP Register Profile With Shortcode is generally safe to use. 4 past CVEs were resolved. Keep it updated.

4 known CVEs · 1 unpatched · Last CVE: Jul 10, 2025 · Updated 8mo ago
Risk Assessment

The plugin "wp-register-profile-with-shortcode" v3.6.3 exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and appears to have no directly exploitable unsanitized taint flows in the analyzed code, several concerning areas remain. The significant number of known CVEs, with one still unpatched, including a high-severity vulnerability, points to a recurring history of security weaknesses. The common vulnerability types also suggest potential issues with input validation and authorization that could lead to data exposure, unauthorized actions, or cross-site scripting. The lack of capability checks on its shortcodes, despite them representing the primary attack surface, is a significant concern, as it implies that any user, regardless of role, could potentially trigger functionality that might have security implications. The output escaping, while partially implemented, is not fully robust, leaving room for potential cross-site scripting if certain outputs are not correctly handled.

Key Concerns

  • Unpatched High Severity CVE detected
  • No capability checks on shortcodes
  • Output escaping not fully robust (66% proper)
  • History of 4 known CVEs
Vulnerabilities
4

WP Register Profile With Shortcode Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 2 CVEs · unpatched

Severity Breakdown

  • High: 1
  • Medium: 3

4 total CVEs

CVE-2025-4593 · medium · 6.5 · Exposure of Sensitive Information to an Unauthorized Actor

WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Exposure

Jul 10, 2025 Patched in 3.6.3 (1d)
CVE-2025-50042 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 19, 2025 · Unpatched
CVE-2023-5448 · high · 8.8 · Cross-Site Request Forgery (CSRF)

WP Register Profile With Shortcode <= 3.5.9 - Cross-Site Request Forgery to User Password Reset

Jan 10, 2024 Patched in 3.6.0 (13d)
CVE-2023-23818 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 12, 2023 Patched in 3.5.8 (256d)
Code Analysis
Analyzed Mar 16, 2026

WP Register Profile With Shortcode Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 48 (94 escaped)
  • Nonce Checks: 5
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

66% escaped · 142 total outputs
Data Flows: All sanitized

Data Flow Analysis

8 flows
edit_profile_validate (includes\class-edit-profile.php:31)
Attack Surface

WP Register Profile With Shortcode Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes 4

[rp_register_widget] register.php:84
[rp_profile_edit] register.php:86
[rp_update_password] register.php:88
[rp_user_data] register.php:90
WordPress Hooks 14
action register_form includes\class-admin-security.php:7
action registration_errors includes\class-admin-security.php:8
action init includes\class-edit-profile.php:8
action init includes\class-password-update.php:8
action init includes\class-register-process.php:8
filter wp_mail_content_type includes\class-register-process.php:84
filter wp_mail_content_type includes\class-register-process.php:94
action wp_enqueue_scripts includes\class-scripts.php:4
action admin_enqueue_scripts includes\class-scripts.php:5
action admin_menu includes\class-settings.php:150
action admin_init includes\class-settings.php:151
action wprp_after_insert_user register.php:92
action widgets_init register.php:94
action plugins_loaded register.php:96
Maintenance & Trust

WP Register Profile With Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 8, 2025
PHP min version
Downloads: 66K

Community Trust

Rating: 70/100
Number of ratings: 13
Active installs: 400
Developer Profile

WP Register Profile With Shortcode Developer Profile

aviplugins.com

9 plugins · 8K total installs

Trust score: 62
Avg Security Score: 76/100
Avg Patch Time: 617 days
Detection Fingerprints

How We Detect WP Register Profile With Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-register-profile-with-shortcode/css/style_register_widget_admin.css
/wp-content/plugins/wp-register-profile-with-shortcode/js/ap.cookie.js
/wp-content/plugins/wp-register-profile-with-shortcode/js/ap-tabs.js
/wp-content/plugins/wp-register-profile-with-shortcode/css/style_register_widget.css
/wp-content/plugins/wp-register-profile-with-shortcode/js/jquery.validate.min.js
/wp-content/plugins/wp-register-profile-with-shortcode/js/additional-methods.js
Script Paths
/wp-content/plugins/wp-register-profile-with-shortcode/js/ap.cookie.js
/wp-content/plugins/wp-register-profile-with-shortcode/js/ap-tabs.js
/wp-content/plugins/wp-register-profile-with-shortcode/js/jquery.validate.min.js
/wp-content/plugins/wp-register-profile-with-shortcode/js/additional-methods.js

HTML / DOM Fingerprints

CSS Classes
reg-form-group
HTML Comments
<!-- /* ||||| /* <(`0_0`)> /* ()(afo)() /* ()-() */ -->
Data Attributes
name="profile"
id="profile"
action=""
value="wprp_user_edit_profile"
name="wprp_user_edit_profile"
name="wprp_5q5rt78"
+1 more
Shortcode Output
[rp_register_widget]
[rp_profile_edit]
[rp_update_password]
[rp_user_data]
FAQ

Frequently Asked Questions about WP Register Profile With Shortcode