Security Advisory

CVE-2026-1779

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-26 02:23:56

Last updated 2026-04-08 17:27:10

Assigner Wordfence

State PUBLISHED

Description

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the register_member function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the urm_user_just_created user meta set.

← Browse all CVEs View on cve.org ↗