User Registration and Membership WordPress Plugin Improper Privilege Management Vulnerability

Vulnerability

A vulnerability exists in the User Registration & Membership WordPress plugin, specifically in versions through 5.1.2. The issue stems from improper privilege management, as the plugin allows users to specify roles during membership registration without adequate server-side validation. This flaw enables unauthenticated attackers to create administrator accounts by manipulating the role value during the registration process.

Impact

Exploitation of this vulnerability allows for unauthorized users to gain administrative privileges on the WordPress site.

Remediation

Users can update to version 5.1.3 or a newer patched version to address this vulnerability.

Added: Mar 3, 2026, 5:20 AM
Updated: Mar 3, 2026, 5:20 AM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
5.0
exploitability
8.2
remediation
7.7
relevance
2.3
threat
3.7
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.