Critical WordPress Plugin Flaw Exposes Millions of Sites to Full Takeover
A newly disclosed critical vulnerability in the WordPress User Registration & Membership plugin (CVE-2026-1492) allows unauthenticated attackers to create administrator accounts, granting them full control over affected websites. The flaw, rated 9.8/10 on the CVSS scale, impacts all plugin versions up to and including 5.1.2.
The issue stems from a privilege management flaw in the plugin’s registration form builder, where user-supplied role values are accepted without server-side validation. Attackers can exploit this by injecting an "administrator" role into registration requests, bypassing authentication entirely. Once granted admin access, threat actors can install backdoors, steal data, or deploy malware including phishing redirects and exploit kits.
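The bug class described above, as an added PHP illustration that is not the plugin's own code: a registration handler that trusts a client-supplied role, beside a hardened version that decides the role server-side. The function names, the allowlist and the `manage_options` check are assumptions for the example.

```php
<?php
// Constructed illustration of the bug class, not the affected plugin's code.
// Insecure pattern: the role sent by the client is stored as-is.
function insecure_register( array $post ) {
    return wp_insert_user( array(
        'user_login' => sanitize_user( $post['user_login'] ),
        'user_email' => sanitize_email( $post['user_email'] ),
        'user_pass'  => $post['user_pass'],
        'role'       => $post['role'],   // client-controlled, never validated
    ) );
}

// Hardened pattern: the role a self-registration may receive is fixed server-side.
function hardened_register( array $post ) {
    // Roles a public form is ever allowed to assign (hypothetical allowlist).
    $allowed_roles = array( 'subscriber', 'customer' );
    $default_role  = get_option( 'default_role', 'subscriber' );

    $requested = isset( $post['role'] ) ? sanitize_key( wp_unslash( $post['role'] ) ) : '';
    // Anything outside the allowlist ('administrator' included) falls back to the default.
    $role = in_array( $requested, $allowed_roles, true ) ? $requested : $default_role;
    // Defence in depth: a public form must never hand out a role carrying manage_options.
    $role_obj = get_role( $role );
    if ( ! $role_obj || ! empty( $role_obj->capabilities['manage_options'] ) ) {
        $role = $default_role;
    }

    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $post['user_login'] ?? '' ), true ),
        'user_email' => sanitize_email( wp_unslash( $post['user_email'] ?? '' ) ),
        'user_pass'  => (string) ( $post['user_pass'] ?? '' ),
        'role'       => $role,
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    // Re-assert the role after creation so no later filter on user data can widen it.
    $user = new WP_User( $user_id );
    $user->set_role( $role );
    return $user_id;
}
```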
Security researcher Friderika Baranyai (Foxyyy) of Wordfence Intelligence discovered the vulnerability, and active exploitation has already been observed. Wordfence blocked 74 distinct attack attempts targeting CVE-2026-1492 within a 24-hour period, demonstrating the speed at which attackers weaponize such flaws.
The plugin’s developers released a patch in version 5.1.3, urging all users to update immediately. Site administrators are also advised to audit user accounts for unauthorized admins and rotate passwords to mitigate lingering access risks.
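For the account audit recommended above, an added helper (not from the article or the plugin) that lists administrator accounts registered on or after a cutoff, or whose login is absent from a list of expected admins; the cutoff date and the known-admin list are assumed inputs supplied by the site owner.

```php
<?php
// Added audit helper: flags administrator accounts that are either newly
// registered or not on the site owner's list of expected admins. Intended to
// run inside WordPress (e.g. a mu-plugin or `wp eval-file audit.php`).
function audit_recent_admins( string $since_gmt, array $known_admins ) {
    $suspects = array();
    $admins   = get_users( array(
        'role'    => 'administrator',
        'fields'  => array( 'ID', 'user_login', 'user_email', 'user_registered' ),
        'orderby' => 'registered',
        'order'   => 'DESC',
    ) );
    foreach ( $admins as $admin ) {
        // user_registered is stored in GMT, so compare against a GMT cutoff.
        $is_new     = strtotime( $admin->user_registered ) >= strtotime( $since_gmt );
        $is_unknown = ! in_array( $admin->user_login, $known_admins, true );
        if ( $is_new || $is_unknown ) {
            $suspects[] = $admin;
        }
    }
    return $suspects;
}

// Example invocation with constructed inputs (replace with the site's own values).
$flagged = audit_recent_admins( '2026-03-01 00:00:00', array( 'siteowner' ) );
foreach ( $flagged as $u ) {
    printf( "review: #%d %s <%s> registered %s\n",
        $u->ID, $u->user_login, $u->user_email, $u->user_registered );
}
```

Any account the helper flags should be verified against the owner's records before being removed, and passwords for remaining accounts rotated as the advisory recommends.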
This incident follows recent security issues in the same plugin, including an authentication bypass (CVE-2026-1779) and a post-deletion flaw, underscoring the persistent targeting of WordPress plugins by automated attacks. The rapid exploitation of such vulnerabilities highlights the need for timely patching and robust access controls in WordPress deployments.
Source: https://cyberpress.org/wordpress-membership-plugin-vulnerability/
Pie Register cybersecurity rating report: https://www.rankiteo.com/company/pie-register-wordpress-registration-plugin
{
  "id": "PIE1772785479",
  "linkid": "pie-register-wordpress-registration-plugin",
  "type": "Vulnerability",
  "date": "3/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}

{
  "affected_entities": [
    {
      "industry": "Web Development, Content Management Systems",
      "location": "Global",
      "name": "WordPress User Registration & Membership Plugin Users",
      "size": "Millions of sites",
      "type": "Software/Plugin"
    }
  ],
  "attack_vector": "Remote Exploitation",
  "customer_advisories": "Site administrators advised to audit user accounts and rotate passwords.",
  "data_breach": {"data_exfiltration": "Potential (unspecified)"},
  "description": "A newly disclosed critical vulnerability in the WordPress User Registration & Membership plugin (CVE-2026-1492) allows unauthenticated attackers to create administrator accounts, granting them full control over affected websites. The flaw enables threat actors to install backdoors, steal data, or deploy malware including phishing redirects and exploit kits.",
  "impact": {
    "brand_reputation_impact": "High (potential phishing redirects, exploit kits)",
    "data_compromised": "Potential data theft (unspecified)",
    "identity_theft_risk": "High (if PII was compromised)",
    "operational_impact": "Full site takeover, backdoor installation, malware deployment",
    "systems_affected": "WordPress sites using User Registration & Membership plugin (versions ≤5.1.2)"
  },
  "initial_access_broker": {"backdoors_established": "Potential (unspecified)"},
  "investigation_status": "Ongoing (active exploitation observed)",
  "lessons_learned": "Timely patching and robust access controls are critical for WordPress deployments. Automated attacks rapidly exploit vulnerabilities in widely used plugins.",
  "motivation": "Data Theft, Malware Deployment, Unauthorized Access",
  "post_incident_analysis": {
    "corrective_actions": "Plugin patch (version 5.1.3) to enforce server-side role validation.",
    "root_causes": "Lack of server-side validation for user-supplied role values in registration form builder."
  },
  "recommendations": "1. Immediately update the User Registration & Membership plugin to version 5.1.3. 2. Audit user accounts for unauthorized administrator roles. 3. Rotate passwords for all accounts. 4. Monitor for signs of backdoors or malware. 5. Implement server-side validation for user roles in all plugins.",
  "references": [{"source": "Wordfence Intelligence"}],
  "response": {
    "communication_strategy": "Public disclosure by Wordfence Intelligence, plugin developers urged updates",
    "containment_measures": "Plugin patch (version 5.1.3) released",
    "enhanced_monitoring": "Wordfence blocked 74 distinct attack attempts in 24 hours",
    "remediation_measures": "Update to version 5.1.3, audit user accounts for unauthorized admins, rotate passwords",
    "third_party_assistance": "Wordfence Intelligence (monitoring and blocking attacks)"
  },
  "stakeholder_advisories": "Plugin developers released patch (version 5.1.3); users urged to update immediately.",
  "title": "Critical WordPress Plugin Flaw Exposes Millions of Sites to Full Takeover",
  "type": "Privilege Escalation",
  "vulnerability_exploited": "CVE-2026-1492 (Privilege Management Flaw in User Registration & Membership Plugin)"
}