CVE-2026-1779

by Fred · 26/02/2026

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the ‘register_member’ function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the ‘urm_user_just_created’ user meta set.

More information : https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules/membership/includes/AJAX.php#L246

CVE-2026-1779

Similar

Recent Posts

Categories

CVE-2026-1779

Share this:

Similar

Recent Posts

Categories

Tags