CVE-2026-1492

User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration

CVSS 9.8 CRITICALEPSS 25.5%CWE-269

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

wpeverest · User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

public PoCs found — 1

githubgithub.com/limo57640-crypto/wp-user-registration-vuln-checker★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://plugins.trac.wordpress.org/changeset/3469042/user-registration https://www.wordfence.com/threat-intel/vulnerabilities/id/7e9fec92-f471-4ce9-9138-1c58ad658da2?source=cve