Impact
Unauthenticated broken access control exists in the WordPress User Registration Plugin versions up to 5.1.2, allowing an attacker to create new user accounts without authentication. This flaw can be exploited to establish accounts with arbitrary privileges, potentially leading to full site compromise if privilege escalation routes exist. The weakness is a classic access‑control violation, reflected by CWE‑862.
Affected Systems
The affected product is the ThemeGrill WordPress User Registration Plugin, specifically all releases up to and including 5.1.2. Administrators running WordPress sites with these plugin versions are at risk; the exact versions are not enumerated beyond the <5.1.3 threshold.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity, but the EPSS score of less than 1% suggests a very low likelihood of widespread exploitation. The vulnerability is not currently listed in the CISA KEV catalog. An attacker would likely exploit the plugin via standard HTTP requests targeting the registration endpoint, requiring no credentials or special environment,
OpenCVE Enrichment