CVE-2026-1779

High CVSS: 8.1

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set.

Vendor

Product

CWE

CWE-288

Yayın Tarihi

2026-02-26 03:16:03

Güncelleme

2026-02-27 14:06:59

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-288 HIGH 2026

Referanslar

https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules/membership/includes/AJAX.php#L246 https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=cve