Description
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.
Published: 2026-03-03
Score: 9.8 Critical
EPSS: 39.0% Moderate
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

The WordPress plugin User Registration & Membership, up to and including version 5.1.2, fails to enforce a server-side allowlist for the user-supplied role during membership registration. An unauthenticated attacker can submit a role value that grants administrator privileges, creating a fully privileged account without ever authenticating to the site. The resulting account gives the attacker complete control over the WordPress installation, including content publishing, plugin installation and site configuration changes.

Affected Systems

The vulnerability affects the wpeverest User Registration & Membership plugin for WordPress, across all releases up to and including 5.1.2. Any WordPress site running a vulnerable version and permitting open membership registration is susceptible. The product is listed under the wpeverest vendor umbrella.

Risk and Exploitability

The flaw is rated CVSS 9.8, which is critical severity. Its EPSS score of 39% indicates a substantial probability that the flaw will be exploited in the wild, although it is not currently listed in the CISA KEV catalog. Exploitation requires only a visit to the site's registration page and submission of a form carrying a role value of "administrator"; no authentication or prior privilege is needed, so the flaw is highly exploitable under typical conditions.

Generated by OpenCVE AI on April 15, 2026 at 17:58 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the User Registration & Membership plugin to the latest release that resolves the role validation issue.
  • Verify that the update removes the ability to assign roles during registration: submit a test registration with a non-admin role value and confirm the form rejects or ignores unauthorized role values.
  • Deploy additional server‑side protection, such as a role‑restriction plugin or custom validation code, to guard against future unwarranted role assignments during user registration.
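As a concrete form of the "custom validation code" in the last action, the following added example (not code from the affected plugin or from OpenCVE) is a WordPress must-use plugin that enforces a server-side role allowlist after registration. The `rra_` prefix, the single allowed role `subscriber` and the use of the `user_register` action are assumptions; the site's real membership roles would go in the allowlist.

```php
<?php
/**
 * Plugin Name: Registration Role Allowlist (defence in depth)
 * Hypothetical must-use plugin: place it in wp-content/mu-plugins/ so it is
 * always loaded. It is an added example, not code from the affected plugin.
 */

// Roles that a self-service registration is allowed to end up with. Assumption:
// this site only grants 'subscriber'; add the membership roles you actually use.
const RRA_ALLOWED_REGISTRATION_ROLES = array( 'subscriber' );

/**
 * Fires on 'user_register', i.e. after wp_insert_user() has stored the user and
 * applied whatever role the request asked for. If the request came from someone
 * who may not assign roles, any role outside the allowlist is reset.
 */
function rra_enforce_registration_role( $user_id ) {
    // Logged-in users with promote_users (administrators) may pick any role.
    if ( current_user_can( 'promote_users' ) ) {
        return;
    }

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }

    $disallowed = array_diff( $user->roles, RRA_ALLOWED_REGISTRATION_ROLES );
    if ( empty( $disallowed ) ) {
        return;
    }

    // A self-registration carrying a role outside the allowlist is the exact
    // pattern behind CVE-2026-1492: log it so the attempt is visible.
    $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        'rra: user %d self-registered with disallowed role(s) [%s] from %s; resetting role',
        $user_id,
        implode( ',', $disallowed ),
        $remote
    ) );

    // set_role() replaces every existing role with the single role given.
    $fallback = get_option( 'default_role', 'subscriber' );
    if ( ! in_array( $fallback, RRA_ALLOWED_REGISTRATION_ROLES, true ) ) {
        $fallback = RRA_ALLOWED_REGISTRATION_ROLES[0];
    }
    $user->set_role( $fallback );
}
add_action( 'user_register', 'rra_enforce_registration_role', 1 );
```

This hook only sees roles applied by wp_insert_user(); if a plugin assigns the role afterwards on its own hook, attach the same check to the set_user_role action as well. Confirm with a test registration that a submitted role value is reset and the log line appears.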

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 03:15:00 +0000

  • Metrics (values added): ssvc
    {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 15:00:00 +0000

  • First Time appeared (values added):
      Wordpress
      Wordpress wordpress
      Wpeverest
      Wpeverest user Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
  • Vendors & Products (values added):
      Wordpress
      Wordpress wordpress
      Wpeverest
      Wpeverest user Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

Tue, 03 Mar 2026 04:45:00 +0000

  • Description (values added): The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.
  • Title (values added): User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration
  • Weaknesses (values added): CWE-269
  • References (values added): none listed
  • Metrics (values added): cvssV3_1
    {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:03:11.800Z

Reserved: 2026-01-27T14:38:16.707Z

Link: CVE-2026-1492

Vulnrichment

Updated: 2026-03-03T15:33:20.963Z

NVD

Status: Awaiting Analysis

Published: 2026-03-03T05:17:19.197

Modified: 2026-03-03T21:52:29.877

Link: CVE-2026-1492

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T18:00:15Z

Weaknesses