BeyondMachines 

Critical Privilege Escalation Vulnerability Reported in WordPress User Registration Plugin

A critical vulnerability (CVE-2026-1492) in the WordPress User Registration & Membership plugin allows unauthenticated attackers to create administrator accounts by exploiting a lack of server-side role validation. Active exploitation has already been detected.

**If you are using User Registration & Membership plugin, this is urgent. Update to version 5.1.3 immediately, because this is an actively exploited flaw. If you can't update, disable user registration.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-vulnerability-reported-in-wordpress-user-registration-plugin-s-t-r-5-i/gD2P6Ple2L

Critical Privilege Escalation Vulnerability Reported in WordPress User Registration Plugin

A critical vulnerability (CVE-2026-1492) in the WordPress User Registration & Membership plugin allows unauthenticated attackers to create administrator accounts by exploiting a lack of server-side role validation. Active exploitation has already been detected.

BeyondMachines
Mar 4 at 10:01amWeb