{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T00:23:47.989","vulnerabilities":[{"cve":{"id":"CVE-2025-3284","sourceIdentifier":"security@wordfence.com","published":"2025-04-19T03:15:13.870","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the user_registration_pro_delete_account() function. This makes it possible for unauthenticated attackers to force delete users, including administrators, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."},{"lang":"es","value":"El complemento User Registration &amp; Membership – Custom Registration Form, Login Form, and User Profile para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 5.1.3 incluida. Esto se debe a la falta o a una validación de nonce incorrecta en la función user_registration_pro_delete_account(). Esto permite a atacantes no autenticados forzar la eliminación de usuarios, incluidos administradores, mediante una solicitud falsificada, dado que pueden engañar al administrador del sitio para que realice una acción como hacer clic en un enlace."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://wpuserregistration.com/changelog/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4616b609-e8dc-4004-a5b7-2de3e83719be?source=cve","source":"security@wordfence.com"}]}}]}