The User Registration & Membership plugin contains an authentication bypass flaw caused by improper checks in the register_member routine. It allows an attacker who cannot authenticate to choose the user meta urm_user_just_created and then obtain a logged‑in session for the newly created user. This flaw can grant unauthorized access to a site account, potentially leading to privilege escalation, content theft or other malicious activity. The weakness aligns with CWE-288, which concerns authentication bypass or flaws.

WordPress sites that use the User Registration & Membership plugin by WP Everest, version 5.1.2 or any earlier release. The issue is tied to the register_member function exposed via the plugin’s AJAX endpoint. Users should verify they are running a fixed version, preferably 5.1.3 or later.

The vulnerability scores high with 8.1 on CVSS but has a very low exploitation probability (EPSS <1%). The flaw is not currently enumerated in the CISA KEV catalog. The best‑guess attack path involves an unauthenticated user calling the plugin’s AJAX register page, setting the special meta field, and triggering the bypass. Once the meta is present, the user can automatically be logged in, bypassing normal credential validation. Although the threat is high, the likelihood of public exploitation remains low at present.