CVE-2026-11965
The CVE concerns the WordPress plugin “User Registration & Membership” versions before 5.2.0. The vulnerability is that the plugin does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users who self-register to activate any paid plan and a...