{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1779", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-02T18:22:15.860Z", "datePublished": "2026-02-26T02:23:56.402Z", "dateUpdated": "2026-04-08T17:27:10.385Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:10.385Z"}, "affected": [{"vendor": "wpeverest", "product": "User Registration & Membership \u2013 Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.1.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set."}], "title": "User Registration & Membership <= 5.1.2 - Authentication Bypass", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules/membership/includes/AJAX.php#L246"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jude Nwadinobi"}], "timeline": [{"time": "2026-02-02T18:39:15.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-25T13:29:34.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T14:36:20.088195Z", "id": "CVE-2026-1779", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:36:33.220Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1779", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-26T14:36:20.088195Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:36:27.860Z"}}], "cna": {"title": "User Registration & Membership <= 5.1.2 - Authentication Bypass", "credits": [{"lang": "en", "type": "finder", "value": "Jude Nwadinobi"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "wpeverest", "product": "User Registration & Membership \u2013 Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.1.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-02T18:39:15.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-25T13:29:34.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules/membership/includes/AJAX.php#L246"}], "descriptions": [{"lang": "en", "value": "The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:10.385Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1779", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:27:10.385Z", "dateReserved": "2026-02-02T18:22:15.860Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-26T02:23:56.402Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set."}, {"lang": "es", "value": "El plugin User Registration &amp; Membership para WordPress es vulnerable a una omisi\u00f3n de autenticaci\u00f3n en versiones hasta la 5.1.2, inclusive. Esto se debe a una autenticaci\u00f3n incorrecta en la funci\u00f3n 'register_member'. Esto posibilita que atacantes no autenticados inicien sesi\u00f3n como un usuario reci\u00e9n registrado en el sitio que tiene establecida la meta de usuario 'urm_user_just_created'."}], "id": "CVE-2026-1779", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-26T03:16:03.827", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules/membership/includes/AJAX.php#L246"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.1.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "User Registration & Membership \u2013 Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder", "source": "cna", "vendor": "wpeverest"}, "product": "user_registration_&_membership_\u2013_free_&_paid_memberships,_subscriptions,_content_restriction,_user_profile,_custom_user_registration_&_login_builder", "vendor": "wpeverest"}], "analysis": {"en": {"generated_at": "2026-04-15T16:53:36.035788+00:00", "value": {"mitigation_remediation": ["Upgrade to User Registration & Membership plugin version 5.1.3 or newer, which includes a proper authentication gate.", "Restrict access to the AJAX registration endpoint to authenticated or role\u2011checked requests wherever possible.", "Monitor user registration and login logs for suspicious activity such as accounts being created and immediately logged in without credentials."], "summary": {"action": "Patch Now", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the User Registration & Membership plugin by WP Everest, version 5.1.2 or any earlier release. The issue is tied to the register_member function exposed via the plugin\u2019s AJAX endpoint. Users should verify they are running a fixed version, preferably 5.1.3 or later.", "description_and_impact": "The User Registration & Membership plugin contains an authentication bypass flaw caused by improper checks in the register_member routine. It allows an attacker who cannot authenticate to choose the user meta urm_user_just_created and then obtain a logged\u2011in session for the newly created user. This flaw can grant unauthorized access to a site account, potentially leading to privilege escalation, content theft or other malicious activity. The weakness aligns with CWE-288, which concerns authentication bypass or flaws.", "risk_and_exploitability": "The vulnerability scores high with 8.1 on CVSS but has a very low exploitation probability (EPSS <1%). The flaw is not currently enumerated in the CISA KEV catalog. The best\u2011guess attack path involves an unauthenticated user calling the plugin\u2019s AJAX register page, setting the special meta field, and triggering the bypass. Once the meta is present, the user can automatically be logged in, bypassing normal credential validation. Although the threat is high, the likelihood of public exploitation remains low at present."}}}}, "created": "2026-02-26T13:09:46.351214+00:00", "updated": "2026-04-15T17:00:07.072068+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpeverest", "wpeverest$PRODUCT$user_registration_&_membership_\u2013_free_&_paid_memberships,_subscriptions,_content_restriction,_user_profile,_custom_user_registration_&_login_builder"]}