User Registration and Membership WordPress Plugin Missing Authorization Vulnerability in Content Access Rules API

Vulnerability

A vulnerability exists in the User Registration & Membership plugin for WordPress, specifically in versions 5.0.1 prior to 5.1.4. The issue arises from a missing capability check on the Content Access Rules REST API endpoints, which allows unauthorized data modification. The 'check_permissions()' method verifies only the 'edit_posts' capability rather than requiring administrator-level access. As a result, authenticated attackers with Contributor-level access and above can manipulate site-wide content restriction rules, including listing, creating, modifying, toggling, duplicating, and deleting rules. Such actions could inadvertently expose restricted content or disrupt access for legitimate users.
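
The weak permission check described above, next to a corrected one, as an added example that is not the plugin's own code. The class name, the 'example/v1' namespace, the route and the option name are hypothetical, and 'manage_options' is assumed here as the administrator-level capability.

```php
<?php
// Added illustration for a WordPress plugin or mu-plugin file. The class,
// the 'example/v1' namespace, the route and the option name are hypothetical.
class Example_Rules_Controller {

	public function register_routes() {
		$routes = array(
			WP_REST_Server::READABLE  => 'get_rules',
			WP_REST_Server::CREATABLE => 'create_rule',
		);
		foreach ( $routes as $methods => $handler ) {
			register_rest_route( 'example/v1', '/content-access-rules', array(
				'methods'             => $methods,
				'callback'            => array( $this, $handler ),
				// Every verb shares the same gate, so one weak check exposes them all.
				'permission_callback' => array( $this, 'check_permissions' ),
			) );
		}
	}

	// Weak form described in the advisory: Contributors hold 'edit_posts'.
	public function check_permissions_weak( $request ) {
		return current_user_can( 'edit_posts' );
	}

	// Corrected form: 'manage_options' is held only by Administrators by default.
	public function check_permissions( $request ) {
		if ( current_user_can( 'manage_options' ) ) {
			return true;
		}
		return new WP_Error(
			'rest_forbidden',
			'You are not allowed to manage content access rules.',
			array( 'status' => rest_authorization_required_code() )
		);
	}

	public function get_rules( $request ) {
		return rest_ensure_response( get_option( 'example_access_rules', array() ) );
	}

	public function create_rule( $request ) {
		$rules   = get_option( 'example_access_rules', array() );
		$rules[] = array( 'title' => sanitize_text_field( (string) $request->get_param( 'title' ) ) );
		update_option( 'example_access_rules', $rules );
		return rest_ensure_response( $rules );
	}
}
add_action( 'rest_api_init', array( new Example_Rules_Controller(), 'register_routes' ) );
```

When auditing other REST controllers for the same pattern, compare the capability in each 'permission_callback' against the lowest role that should be able to change the data the route writes.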

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of content access rules, potentially allowing restricted content to be accessed or legitimate users to be denied access.

Remediation

Users are advised to update the User Registration & Membership plugin to version 5.1.5 or a newer patched version.

Added: Mar 24, 2026, 12:41 AM
Updated: Mar 24, 2026, 12:41 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 7.5
exploitability: 6.1
remediation: 7.7
relevance: 4.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.