CVE-2026-11963
The CVE-2026-11963 entry concerns the WordPress plugin “User Registration & Membership” (up to version 5.2.1). It states that an authorization check is missing for a membership-upgrade action and that the target user is selected using a caller-supplied identifier rather than the current user. Thi...