PatchSiren cyber security CVE debrief
CVE-2026-25425 ThemeGrill CVE debrief
CVE-2026-25425 is a high severity vulnerability (CVSS Score: 7.5) affecting User Registration plugin versions <= 5.1.2. This vulnerability is categorized as Unauthenticated Broken Access Control. According to the [NVD detail resourceLinkAnnotations:nvd], the vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The [CVE record resourceLinkAnnotations:cve-org] was published on 2026-06-15T21:16:40.283Z and last modified on 2026-06-15T21:24:32.790Z.
- Vendor
- ThemeGrill
- Product
- User Registration
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Administrators and users of WordPress sites utilizing the User Registration plugin versions <= 5.1.2 should prioritize patching this vulnerability to prevent potential exploitation.
Technical summary
CVE-2026-25425 is a high severity vulnerability (CVSS Score: 7.5) affecting User Registration plugin versions <= 5.1.2. The vulnerability is categorized as Unauthenticated Broken Access Control (CWE-862).
Defensive priority
High
Recommended defensive actions
- Update User Registration plugin to a version greater than 5.1.2.
- Review and apply patches provided by the vendor.
Evidence notes
Vendor and product information is currently unknown, but evidence from Patchstack suggests the vulnerability affects the User Registration plugin.
Official resources
-
CVE-2026-25425 CVE record
CVE.org
-
CVE-2026-25425 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-25425 was published on 2026-06-15T21:16:40.283Z and last modified on 2026-06-15T21:24:32.790Z.