EUVD-2026-9277

🗓️ 03 Mar 2026 04:33:20Reported by EUVDType

WordPress User Registration and Membership plugin lets unauthenticated users assign administrator role during registration due to a missing allowlist.

Reporter	Title	Published	Views	Family All 16
GithubExploit	Exploit for CVE-2026-1492	10 Mar 202600:28	–	githubexploit
GithubExploit	Exploit for CVE-2026-1492	18 Apr 202609:18	–	githubexploit
Circl	CVE-2026-1492	3 Mar 202606:00	–	circl
CNNVD	WordPress plugin User Registration & Membership 安全漏洞	3 Mar 202600:00	–	cnnvd
CVE	CVE-2026-1492	3 Mar 202604:33	–	cve
Cvelist	CVE-2026-1492 User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration	3 Mar 202604:33	–	cvelist
Nuclei	WordPress User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation	3 Jun 202606:04	–	nuclei
NVD	CVE-2026-1492	3 Mar 202605:17	–	nvd
Patchstack	WordPress User Registration & Membership plugin <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration vulnerability	3 Mar 202607:58	–	patchstack
Positive Technologies	PT-2026-22718	3 Mar 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "dfea8f88-e0a6-3ea5-bbe4-6d6479e96ded",
        "vendor": {
          "name": "WPEverest"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2b6e46d6-466d-315a-8907-5f6a4ff3e4cd",
        "product": {
          "name": "User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder"
        },
        "product_version": "* ≤5.1.2"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/7e9fec92-f471-4ce9-9138-1c58ad658da2
plugins	www.plugins.trac.wordpress.org/changeset/3469042/user-registration

03 Mar 2026 04:33Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.19.8

EPSS0.24774