User Registration and Membership WordPress Plugin Insecure Direct Object Reference Vulnerability Allowing Arbitrary Media Deletion

Vulnerability

A vulnerability exists in the User Registration & Membership WordPress plugin in all versions up to and including 5.1.5. It is an Insecure Direct Object Reference (IDOR) caused by missing ownership validation on a user-controlled attachment ID: the plugin acts on whatever attachment ID is supplied without checking that the attachment belongs to the requesting user. This allows authenticated attackers with subscriber-level access or higher to delete any media attachment, including those uploaded by administrators, without permission. The attachment to be removed is specified through the 'profile-pic-url' parameter.
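The defensive pattern the missing check corresponds to is shown below as an added, illustrative example; it is not the plugin's own code, and the meta key, function names, nonce action and AJAX hook are hypothetical placeholders. The point it demonstrates is that the attachment to delete should be resolved server-side from the requesting user's own stored profile-picture reference, and the client-supplied ID treated only as something to confirm against it, never as the thing to delete:

```php
<?php
/**
 * Illustrative (not the plugin's own) handler for removing a user's profile
 * picture, showing the ownership validation whose absence causes the IDOR.
 * EXAMPLE_PROFILE_PIC_META_KEY and the hook/nonce names are hypothetical.
 */

// Hypothetical user-meta key under which the picture's attachment ID is stored.
define( 'EXAMPLE_PROFILE_PIC_META_KEY', 'example_profile_pic_attachment_id' );

/**
 * Delete the given user's profile picture attachment, or refuse.
 *
 * @param int   $user_id      User whose picture is being removed.
 * @param mixed $requested_id Untrusted attachment ID taken from the request.
 * @return true|WP_Error
 */
function example_delete_profile_picture( $user_id, $requested_id ) {
    $user_id      = absint( $user_id );
    $requested_id = absint( $requested_id );

    // 1. Only act for the logged-in user, or for a user the caller may edit.
    if ( $user_id !== get_current_user_id() && ! current_user_can( 'edit_user', $user_id ) ) {
        return new WP_Error( 'forbidden', 'Cannot modify another user\'s profile.' );
    }

    // 2. Resolve the attachment from the user's own stored meta, not from the request.
    $stored_id = absint( get_user_meta( $user_id, EXAMPLE_PROFILE_PIC_META_KEY, true ) );
    if ( ! $stored_id || $stored_id !== $requested_id ) {
        // The supplied ID is not this user's picture: refuse, delete nothing.
        return new WP_Error( 'not_owner', 'Attachment is not this user\'s profile picture.' );
    }

    // 3. Confirm the object really is an attachment authored by this user.
    $attachment = get_post( $stored_id );
    if ( ! $attachment || 'attachment' !== $attachment->post_type
        || (int) $attachment->post_author !== $user_id ) {
        return new WP_Error( 'not_owner', 'Attachment ownership check failed.' );
    }

    // 4. Delete, then drop the stored reference so the same ID cannot be reused.
    if ( ! wp_delete_attachment( $stored_id, true ) ) {
        return new WP_Error( 'delete_failed', 'Could not delete attachment.' );
    }
    delete_user_meta( $user_id, EXAMPLE_PROFILE_PIC_META_KEY );
    return true;
}

// Hypothetical AJAX entry point: nonce check first, then the ownership-validated helper.
add_action( 'wp_ajax_example_remove_profile_pic', function () {
    check_ajax_referer( 'example_remove_profile_pic', 'nonce' );
    $result = example_delete_profile_picture(
        get_current_user_id(),
        isset( $_POST['profile_pic_id'] ) ? $_POST['profile_pic_id'] : 0
    );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 403 );
    }
    wp_send_json_success();
} );
```

Step 2 is the one that closes the IDOR on its own: an attacker can only ever name the attachment already recorded as their picture. Step 3 is belt-and-braces; if administrators are allowed to upload pictures on behalf of users, the post_author comparison will reject those and should be relaxed to the step-2 check plus a current_user_can( 'delete_post', $stored_id ) test.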

Impact

Exploitation of this vulnerability allows for the unauthorized deletion of media attachments from any user, including administrators.

Reproduction

To reproduce this vulnerability, an authenticated user with subscriber-level access or higher sends a request containing the 'profile-pic-url' (or 'profile_pic_url') parameter set to the ID of a media attachment. Because the plugin does not validate ownership of that ID, the request deletes the attachment even when it belongs to another user.

Remediation

Users are advised to update the User Registration & Membership plugin to version 5.1.6 or later, where this vulnerability has been patched.

Added: May 28, 2026, 8:40 AM
Updated: May 28, 2026, 8:40 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 9.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.