Summary
A critical vulnerability (CVE-2026-1492) in the WordPress User Registration & Membership plugin allows unauthenticated attackers to create administrator accounts by exploiting a lack of server-side role validation. Active exploitation has already been detected.
Take Action:
If you are using User Registration & Membership plugin, this is urgent. Update to version 5.1.3 immediately, because this is an actively exploited flaw. If you can't update, disable user registration.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)