Description
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the `check_permissions()` method only checking for `edit_posts` capability instead of an administrator-level capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to list, create, modify, toggle, duplicate, and delete site-wide content restriction rules, potentially exposing restricted content or denying legitimate user access.
Published: 2026-03-23
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Modification of Content Restriction Rules
Action: Immediate Patch
AI Analysis

Impact

The User Registration & Membership plugin for WordPress permits authenticated users with Contributor-level permissions to misconfigure site-wide content restriction rules. The vulnerability arises from a missing capability check on the plugin’s REST API endpoints, where the check_permissions function only verifies the edit_posts capability instead of an administrator-level privilege. As a result, malicious contributors can list, create, modify, toggle, duplicate, and delete content restriction rules, exposing restricted material or denying legitimate users access. The weakness can lead to data exposure or denial of service for protected content.

Affected Systems

WordPress sites running the User Registration & Membership plugin versions 5.0.1 through 5.1.4 are affected. The plugin, offered by WP Everest, provides free and paid memberships, subscriptions, content restriction, user profiles, and a custom user registration and login builder. All installations using these versions of the plugin are susceptible.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity. Exploitation requires a valid user account with Contributor or higher privileges; no public exploit is listed in the CISA KEV catalog and EPSS data is unavailable. Because the attack vector is authenticated and dependent on the REST API, the likelihood of widespread exploitation is lower than for unauthenticated flaws, yet the impact on business processes—especially when content visibility is critical—requires prompt attention.

Generated by OpenCVE AI on March 24, 2026 at 03:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the User Registration & Membership plugin to the latest available version (at least 5.1.5).
  • Confirm that the REST API endpoints for content restriction rules no longer accept changes from Contributor-level users.
  • If an update is unavailable, remove or throttle Contributor permissions for the plugin or disable the affected REST API endpoints from user accounts.
  • Monitor WordPress logs for unexpected rule creation or modification events to detect any remaining unauthorized activity.

Generated by OpenCVE AI on March 24, 2026 at 03:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wpeverest
Wpeverest user Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
Vendors & Products Wordpress
Wordpress wordpress
Wpeverest
Wpeverest user Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Description The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the `check_permissions()` method only checking for `edit_posts` capability instead of an administrator-level capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to list, create, modify, toggle, duplicate, and delete site-wide content restriction rules, potentially exposing restricted content or denying legitimate user access.
Title User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Wordpress Wordpress
Wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:02:32.146Z

Reserved: 2026-03-12T16:26:32.690Z

Link: CVE-2026-4056

cve-icon Vulnrichment

Updated: 2026-03-25T19:21:04.787Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T00:16:31.403

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4056

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:36:02Z

Weaknesses