CVE-2025-4334

high-risk

Published 2025-06-26

The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.

Do I need to act?

33.7% chance of exploitation in next 30 days

EPSS score — higher than 66% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Simple User Registration

Affected Vendors

Najeebmedia

References (3)

Product https://plugins.trac.wordpress.org/browser/wp-registration/trunk/inc/classes/cla...

https://plugins.trac.wordpress.org/changeset/3327946/

Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/c211e0c0-3086-43d2-853...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 16/34 · Moderate

Exposure 5/34 · Minimal