Primary

Context

User Registration & Membership WordPress Plugin Authentication Bypass Vulnerability

Vulnerability

Patched

An authentication bypass vulnerability has been identified in the User Registration & Membership WordPress plugin, affecting versions prior to 4.1.3. When the Membership Addon is enabled, the plugin fails to properly validate data in an AJAX action. This flaw allows attackers to authenticate as any user, including administrators, by simply using the target account's user ID.

Impact

Exploitation of this vulnerability allows for unauthorized authentication, potentially leading to privileged actions if an administrator account is targeted.

Remediation

Users of the User Registration & Membership WordPress plugin should update to version 4.1.3 or later. For the Pro version, update to version 5.1.3 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.0

exploitability

9.7

remediation

7.7

relevance

0.0

threat

6.7

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.0

exploitability

9.7

remediation

7.7

relevance

0.0

threat

6.7

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

User Registration & Membership WordPress Plugin Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

User Registration & Membership

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating