Simple User Registration Security & Risk Analysis

wordpress.org/plugins/wp-registration

WordPress Simple Registration Form Plugin

200 active installs · v6.8 · PHP + · WP 3.5+ · Updated Jan 28, 2026
Tags: drag-drop-fields, front-end-registration, registration-form, simple-registration, wp-registration
Score 48 · D · High Risk
CVEs total: 6
Unpatched: 1
Last CVE: Jan 27, 2026
Safety Verdict

Is Simple User Registration Safe to Use in 2026?

High Risk

Score 48/100

Simple User Registration carries significant security risk with 6 known CVEs, 1 still unpatched. Consider switching to a maintained alternative.

6 known CVEs · 1 unpatched · Last CVE: Jan 27, 2026 · Updated 2mo ago
Risk Assessment

The wp-registration plugin v6.8 presents a mixed security posture. While it demonstrates some good practices, such as using prepared statements for all SQL queries and a generally high percentage of properly escaped output, significant concerns remain, particularly regarding its attack surface and historical vulnerability record.

The plugin has a substantial number of entry points, with a notable 14 of these (over half) lacking any authentication or authorization checks. This exposes the plugin to potential unauthorized actions or information disclosure. The presence of the `unserialize` function, a known source of dangerous vulnerabilities when handling untrusted input, is a critical red flag, especially when combined with unsanitized taint flows.

The plugin's vulnerability history is deeply concerning, with 6 previously disclosed CVEs, 1 of which is currently unpatched. The prevalence of critical and high-severity vulnerabilities, including those related to access control, XSS, and privilege management, indicates a pattern of recurring security weaknesses. The most recent vulnerability being in early 2026 suggests ongoing issues.

In conclusion, while there are some positive coding practices, the extensive unprotected attack surface and a history of severe vulnerabilities, including an unpatched one, make this plugin a significant security risk.

Key Concerns

  • Unpatched CVE
  • Critical severity vulnerability history (3 critical)
  • High severity vulnerability history (3 high)
  • Dangerous function: unserialize
  • Flows with unsanitized paths
  • Large attack surface without authentication/authorization
  • REST API route without permission callbacks
  • AJAX handlers without auth checks
  • Common vulnerability types: Improper Access Control
  • Common vulnerability types: Improper Privilege Management
  • Common vulnerability types: XSS
Vulnerabilities: 6

Simple User Registration Security Vulnerabilities

CVEs by Year

  • 2024: 2 CVEs
  • 2025: 3 CVEs (has unpatched)
  • 2026: 1 CVE

Severity Breakdown

  • Critical: 3
  • High: 3

6 total CVEs

CVE-2026-0844 · high · 8.8 · Improper Access Control

Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field

Jan 27, 2026 · Patched in 6.8 (3d)

CVE-2025-12160 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting

Nov 20, 2025 · Patched in 6.7 (1d)

CVE-2025-53428 · high · 8.8 · Improper Privilege Management

Simple User Registration <= 6.4 - Authenticated (Contributor+) Privilege Escalation

Sep 20, 2025 · Unpatched

CVE-2025-4334 · critical · 9.8 · Improper Privilege Management

Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation

Jun 25, 2025 · Patched in 6.4 (29d)

CVE-2024-53810 · critical · 9.1 · Missing Authorization

Simple User Registration <= 5.5 - Missing Authorization to User Deletion

Dec 2, 2024 · Patched in 6.0 (10d)

CVE-2024-49604 · critical · 9.8 · Missing Authorization

Simple User Registration <= 6.7 - Missing Authorization to Account Takeover

Oct 17, 2024 · Patched in 6.8 (471d)

Code Analysis
Analyzed Mar 16, 2026

Simple User Registration Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 155 (652 escaped)
  • Nonce Checks: 6
  • Capability Checks: 8
  • File Operations: 2
  • External Requests: 1
  • Bundled Libraries: 2

Dangerous Functions Found

unserialize · `$array = unserialize( $value );` · wp-registration.php:222

Bundled Libraries

Select2, jQuery

Output Escaping

81% escaped · 807 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

8 flows · 3 with unsanitized paths
save_profile_photos (inc\classes\class.profile.php:495)
Attack Surface: 14 unprotected

Simple User Registration Attack Surface

Entry Points: 27
Unprotected: 14

AJAX Handlers 20

auth · wp_ajax_wpr_submit_uninstall_reason · inc\class.deactivate.php:21
auth · wp_ajax_get_users_by_given_range · inc\classes\class.dashboard.php:17
nopriv · wp_ajax_get_users_by_given_range · inc\classes\class.dashboard.php:18
auth · wp_ajax_without_field_user_form_submit · inc\classes\class.dashboard.php:21
nopriv · wp_ajax_without_field_user_form_submit · inc\classes\class.dashboard.php:22
auth · wp_ajax_admin_send_message_user · inc\classes\class.dashboard.php:25
auth · wp_ajax_previous_form_array_converted · inc\classes\class.dashboard.php:28
nopriv · wp_ajax_previous_form_array_converted · inc\classes\class.dashboard.php:29
auth · wp_ajax_wpr_send_email_to_user · inc\classes\class.dashboard.php:32
nopriv · wp_ajax_wpr_send_email_to_use · inc\classes\class.dashboard.php:33
auth · wp_ajax_profile_save_field · inc\classes\class.profile.php:21
nopriv · wp_ajax_profile_save_field · inc\classes\class.profile.php:22
auth · wp_ajax_profile_change_password · inc\classes\class.profile.php:25
nopriv · wp_ajax_profile_change_password · inc\classes\class.profile.php:26
auth · wp_ajax_delete_user_account · inc\classes\class.profile.php:29
nopriv · wp_ajax_delete_user_account · inc\classes\class.profile.php:30
auth · wp_ajax_wpr_save_profile_photo · inc\classes\class.profile.php:33
auth · wp_ajax_wpr_saved_meta_data · wp-registration.php:108
auth · wp_ajax_wpr_submit_form · wp-registration.php:127
nopriv · wp_ajax_wpr_submit_form · wp-registration.php:128

REST API Routes 1

GET · /wp-json/wpr/v1/twitter/ · inc\classes\class.wpr-api.php:22

Shortcodes 6

[wpr-member-dir] inc\classes\class.member_directory.php:14
[wpr-profile] inc\classes\class.profile.php:14
[wpr-account] inc\classes\class.profile.php:15
[wpr-login] wp-registration.php:111
[wpr-form] wp-registration.php:112
[wpr-password-reset] wp-registration.php:113

WordPress Hooks 40

action · admin_notices · debug-install.php:9
action · admin_enqueue_scripts · inc\class.deactivate.php:18
action · admin_footer · inc\class.deactivate.php:20
action · admin_menu · inc\classes\class.dashboard.php:14
action · admin_enqueue_scripts · inc\classes\class.field.php:15
action · add_meta_boxes · inc\classes\class.field.php:18
filter · query_vars · inc\classes\class.login.php:17
action · init · inc\classes\class.login.php:19
action · template_redirect · inc\classes\class.login.php:22
action · init · inc\classes\class.login.php:24
filter · login_redirect · inc\classes\class.login.php:26
action · wp_login_failed · inc\classes\class.login.php:28
action · user_by_role · inc\classes\class.member_directory.php:15
filter · wpr_profile_value · inc\classes\class.profile.php:18
action · init · inc\classes\class.profile.php:35
filter · woocommerce_my_account_my_orders_actions · inc\classes\class.profile.php:39
filter · wpr_core_fields · inc\classes\class.register.php:23
action · wpr_after_user_created · inc\classes\class.register.php:24
filter · the_content · inc\classes\class.restriction.php:15
action · save_post_page · inc\classes\class.restriction.php:18
filter · show_admin_bar · inc\classes\class.restriction.php:90
action · rest_api_init · inc\classes\class.wpr-api.php:11
action · wp_head · inc\hooks.php:131
action · wp_footer · inc\hooks.php:154
action · init · wp-registration.php:75
action · init · wp-registration.php:77
filter · logout_url · wp-registration.php:86
action · admin_notices · wp-registration.php:95
action · add_meta_boxes · wp-registration.php:97
action · add_meta_boxes · wp-registration.php:98
action · add_meta_boxes · wp-registration.php:101
action · save_post_wpr · wp-registration.php:105
action · admin_menu · wp-registration.php:116
filter · enter_title_here · wp-registration.php:117
action · admin_post_wpr_update_status · wp-registration.php:120
action · admin_enqueue_scripts · wp-registration.php:123
action · init · wp-registration.php:134
action · wpr_before_submit_button · wp-registration.php:138
filter · wpr_localize_permalinks · wp-registration.php:141
action · plugins_loaded · wp-registration.php:330

Maintenance & Trust

Simple User Registration Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 28, 2026
PHP min version
Downloads: 96K

Community Trust

Rating: 88/100
Number of ratings: 27
Active installs: 200
Developer Profile

Simple User Registration Developer Profile

N-Media

23 plugins · 5K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 588 days
Detection Fingerprints

How We Detect Simple User Registration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-registration/inc/css/wpr-style.css
  • /wp-content/plugins/wp-registration/inc/css/wpr-custom.css
  • /wp-content/plugins/wp-registration/inc/css/wpr-admin-style.css
  • /wp-content/plugins/wp-registration/inc/css/wpr-login.css
  • /wp-content/plugins/wp-registration/inc/css/wpr-member-directory.css
  • /wp-content/plugins/wp-registration/inc/js/wpr-scripts.js
  • /wp-content/plugins/wp-registration/inc/js/wpr-login.js
  • /wp-content/plugins/wp-registration/inc/js/wpr-form-validation.js

Script Paths
  • /wp-content/plugins/wp-registration/inc/js/wpr-scripts.js
  • /wp-content/plugins/wp-registration/inc/js/wpr-login.js
  • /wp-content/plugins/wp-registration/inc/js/wpr-form-validation.js

Version Parameters
  • wp-registration/inc/css/wpr-style.css?ver=
  • wp-registration/inc/css/wpr-custom.css?ver=
  • wp-registration/inc/css/wpr-admin-style.css?ver=
  • wp-registration/inc/css/wpr-login.css?ver=
  • wp-registration/inc/css/wpr-member-directory.css?ver=
  • wp-registration/inc/js/wpr-scripts.js?ver=
  • wp-registration/inc/js/wpr-login.js?ver=
  • wp-registration/inc/js/wpr-form-validation.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpr-login-form
  • wpr-registration-form
  • wpr-password-reset-form
  • wpr-profile-form
  • wpr-member-directory-wrap
  • wpr-admin-form-field
  • wpr-submit-button

HTML Comments
  • <!-- WPRRESTRICT()->hide_admin_bar(); -->
  • <!-- Admin releated hooks and action -->
  • <!-- Setup Pages and Form -->
  • <!-- Default Signup form -->
  • +6 more

Data Attributes
  • data-wpr-form-id
  • data-wpr-user-id
  • data-wpr-action

JS Globals
  • wpr_ajax_url
  • wpr_localize_data

REST Endpoints
  • /wp-json/wpr-api/v1/submit-form

Shortcode Output
  • [wpr-login]
  • [wpr-form]
  • [wpr-password-reset]