Description
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the ‘membership_ids[]’ parameter in all versions up to, and including, 5.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2026-04-08
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Immediate Patch
AI Analysis

Impact

The User Registration & Membership plugin for WordPress, developed by WP Everest, contains a SQL Injection vulnerability in all versions up to 5.1.2. The flaw occurs in the membership_ids[] parameter, where user input is not properly escaped and the SQL query does not use prepared statements. An authenticated attacker with a Subscriber role or higher can craft input that appends additional SQL statements and extract sensitive database information.

Affected Systems

WordPress installations that use the WP Everest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin are affected. Any release version 5.1.2 or earlier is vulnerable, regardless of WordPress version.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. Because the vulnerability requires authenticated access at Subscriber level or above, an attacker must have legitimate user credentials. No EPSS score or KEV listing is available, but the potential to retrieve arbitrary data gives a significant confidentiality risk. The attack vector is authenticated, based on the requirement for a subscriber role; it cannot be exploited by unauthenticated users.

Generated by OpenCVE AI on April 8, 2026 at 12:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the plugin to the latest available version.
  • If a new version is not yet released, temporarily deactivate the plugin until an update is available.
  • Verify that recent database backups are available before making changes.
  • Check the plugin’s official repository or support channels for security advisories and patches.

Generated by OpenCVE AI on April 8, 2026 at 12:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wpeverest
Wpeverest user Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
Vendors & Products Wordpress
Wordpress wordpress
Wpeverest
Wpeverest user Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

Wed, 08 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Description The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the ‘membership_ids[]’ parameter in all versions up to, and including, 5.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Title User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[]
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Wordpress Wordpress
Wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:34:04.366Z

Reserved: 2026-02-03T21:08:12.868Z

Link: CVE-2026-1865

cve-icon Vulnrichment

Updated: 2026-04-08T13:11:20.512Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T12:16:20.440

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-1865

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:39:52Z

Weaknesses