User Registration & Membership Plugin: WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk

Critical WordPress Plugin Vulnerability Exploited in Active Attacks

A severe security flaw in the User Registration & Membership WordPress plugin, which is installed on over 60,000 websites, is being actively exploited by cybercriminals, granting unauthorized access to vulnerable sites. The vulnerability allows attackers to bypass authentication protocols, enabling full control over affected installations.

Attackers are leveraging the flaw by crafting malicious payloads that manipulate the plugin’s core functions, evading standard security measures. Observed exploitation methods include:

  • Bypassing user authentication checks
  • Deploying targeted payloads
  • Circumventing security defenses

The consequences of unpatched systems are severe, including data breaches, website defacement, and ransomware deployment, posing risks to both site owners and end users. The plugin’s developers have released a patch to address the issue, but delayed updates leave sites exposed.

Administrators are urged to immediately update the plugin to the latest version and implement additional security measures, such as monitoring for suspicious activity and conducting regular audits. The incident underscores the ongoing risks of unpatched third-party plugins in WordPress ecosystems.

Source: https://dailysecurityreview.com/cyber-security/wordpress-plugin-vulnerability-puts-over-60000-sites-at-risk/

MemberFix cybersecurity rating report: https://www.rankiteo.com/company/memberfix

"id": "MEM1772799935",
"linkid": "memberfix",
"type": "Vulnerability",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Various',
                        'size': 'Over 60,000 websites',
                        'type': 'Website'}],
 'attack_vector': 'Exploitation of vulnerable WordPress plugin',
 'description': 'A severe security flaw in the User Registration & Membership '
                'WordPress plugin installed on over 60,000 websites is being '
                'actively exploited by cybercriminals, granting unauthorized '
                'access to vulnerable sites. The vulnerability allows '
                'attackers to bypass authentication protocols, enabling full '
                'control over affected installations. Attackers are leveraging '
                'the flaw by crafting malicious payloads that manipulate the '
                'plugin’s core functions, evading standard security measures.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': 'Yes',
            'operational_impact': 'Full control over affected installations',
            'systems_affected': 'WordPress websites using the vulnerable '
                                'plugin'},
 'lessons_learned': 'Ongoing risks of unpatched third-party plugins in '
                    'WordPress ecosystems',
 'post_incident_analysis': {'corrective_actions': 'Patch released by '
                                                  'developers, advisories to '
                                                  'update immediately',
                            'root_causes': 'Unpatched vulnerability in '
                                           'WordPress plugin'},
 'recommendations': 'Immediately update the plugin to the latest version, '
                    'implement additional security measures such as monitoring '
                    'for suspicious activity, and conduct regular audits',
 'response': {'communication_strategy': 'Advisories to administrators',
              'containment_measures': 'Immediate plugin update',
              'enhanced_monitoring': 'Monitoring for suspicious activity',
              'remediation_measures': 'Patch released by developers'},
 'title': 'Critical WordPress Plugin Vulnerability Exploited in Active Attacks',
 'type': 'Authentication Bypass',
 'vulnerability_exploited': 'User Registration & Membership WordPress plugin '
                            'vulnerability'}