Description
Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation. This issue affects Simple User Registration: from n/a through <= 6.8.
Published: 2025-10-22
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Simple User Registration plugin by N-Media contains an incorrect privilege assignment flaw that enables an attacker to elevate privileges. The bug allows the creation of users with higher permissions than intended, which can lead to full site takeover or unauthorized modification of content. The weakness is classified under CWE-266, Incorrect Privilege Assignment, indicating that the plugin does not correctly enforce role boundaries during registration.

Affected Systems

All releases of N-Media Simple User Registration up to and including version 6.8 are vulnerable. Users with any of those versions deployed on WordPress sites are at risk. The vulnerability originates from the plugin’s registration logic, affecting any environment where the plugin is active.

Risk and Exploitability

The CVSS score of 8.8 marks this flaw as high severity, while the EPSS score of less than 1% indicates a low estimated likelihood of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. The most plausible exploitation path is via the plugin’s publicly exposed registration endpoint, where an unauthenticated or low‑privileged user can submit information that bypasses normal role assignment, resulting in an unintended privilege escalation. The published CVSS vector (AV:N/AC:L/PR:L/UI:N) rates the attack as network-reachable and low-complexity, with low privileges required and no user interaction.

Generated by OpenCVE AI on April 29, 2026 at 20:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the N‑Media official repository or support channels for a patched version that addresses the privilege assignment issue, and upgrade the plugin as soon as an updated release is available.
  • If an immediate update is not possible, consider disabling the plugin entirely or temporarily turning off its automatic role assignment feature until the flaw is corrected.
  • When creating new user accounts through the plugin, manually assign the lowest permissible role or use custom code to override the default role assignment and restrict elevated permissions.



Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
  Values Removed: Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation. This issue affects Simple User Registration: from n/a through <= 6.4.
  Values Added: Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation. This issue affects Simple User Registration: from n/a through <= 6.8.

Type: Title
  Values Removed: WordPress Simple User Registration plugin <= 6.4 - Privilege Escalation vulnerability
  Values Added: WordPress Simple User Registration plugin <= 6.8 - Privilege Escalation vulnerability

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Thu, 23 Oct 2025 14:15:00 +0000

Type: Metrics
  Values Added:
    cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Oct 2025 10:30:00 +0000

Type: First Time appeared
  Values Added:
    N-media
    N-media simple User Registration
    Wordpress
    Wordpress wordpress

Type: Vendors & Products
  Values Added:
    N-media
    N-media simple User Registration
    Wordpress
    Wordpress wordpress

Wed, 22 Oct 2025 14:45:00 +0000

Type: Description
  Values Added: Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation. This issue affects Simple User Registration: from n/a through <= 6.4.

Type: Title
  Values Added: WordPress Simple User Registration plugin <= 6.4 - Privilege Escalation vulnerability

Type: Weaknesses
  Values Added: CWE-266

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T19:14:09.725Z

Reserved: 2025-06-30T10:46:02.701Z

Link: CVE-2025-53428

Vulnrichment

Updated: 2025-10-23T13:49:07.092Z

NVD

Status: Deferred

Published: 2025-10-22T15:15:51.323

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-53428

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T21:00:09Z

Weaknesses