User Registration & Membership
cpe:2.3:a:wpeverest:user_registration_&_membership:*:*:*:*:wordpress:*:*
- <= 5.1.2
A vulnerability exists in the User Registration & Membership WordPress plugin, specifically in versions through 5.1.2. The issue stems from improper privilege management, as the plugin allows users to specify roles during membership registration without adequate server-side validation. This flaw enables unauthenticated attackers to create administrator accounts by manipulating the role value during the registration process.
Exploitation of this vulnerability allows for unauthorized users to gain administrative privileges on the WordPress site.
Users can update to version 5.1.3 or a newer patched version to address this vulnerability.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.