Description
Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration restrict-user-registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through <= 1.0.1.
Published: 2025-04-17
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The WordPress Restrict User Registration plugin contains a CSRF flaw that allows an attacker to submit a crafted request and store malicious JavaScript in the plugin’s data. Once stored, the script executes whenever a site visitor loads the affected page, running in the context of that visitor’s browser. This vulnerability can compromise confidentiality, integrity, and availability for all site users.

Affected Systems

The flaw affects the DevriX Restrict User Registration plugin up through version 1.0.1. Any WordPress site that has this plugin installed and not updated to a later release is vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.1, indicating high severity. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild, and the issue is not listed in the CISA KEV catalog. Exploitation likely requires an attacker to persuade an authenticated user or the site administrator to visit a malicious URL that triggers the CSRF payload.

Generated by OpenCVE AI on April 30, 2026 at 22:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Restrict User Registration to a version newer than 1.0.1 if available.
  • If no newer version exists, disable or uninstall the plugin to prevent stored XSS.
  • Configure WordPress to enforce CSRF tokens for all forms or use a security plugin that blocks unauthorized requests.



Advisories
Source: EUVD
ID: EUVD-2025-11726
Title: Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1.
  Values Added: Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration restrict-user-registration allows Stored XSS.This issue affects Restrict User Registration: from n/a through <= 1.0.1.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Thu, 17 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Apr 2025 16:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration allows Stored XSS. This issue affects Restrict User Registration: from n/a through 1.0.1.
Title WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:26.728Z

Reserved: 2025-04-09T11:21:04.031Z

Link: CVE-2025-32655

Vulnrichment

Updated: 2025-04-17T18:08:40.646Z

NVD

Status: Deferred

Published: 2025-04-17T16:15:49.560

Modified: 2026-06-17T09:12:22.233

Link: CVE-2025-32655

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T22:15:16Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)