The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Tue, 03 Mar 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration. | |
| Title | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration | |
| Weaknesses | CWE-269 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-03-03T04:33:20.922Z
Reserved: 2026-01-27T14:38:16.707Z
Link: CVE-2026-1492
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-03-03T05:17:19.197
Modified: 2026-03-03T05:17:19.197
Link: CVE-2026-1492
Redhat
No data.
OpenCVE Enrichment
No data.