Back to overview

CVE-2026-11961

Description
The User Registration & Membership WordPress plugin before 5.2.3 does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user role, allowing unauthenticated users to register into an arbitrary published membership tier and obtain its role — up to administrator when such a tier exists.

Metadata

CVE ID
CVE-2026-11961
State
PUBLISHED
Assigner
WPScan
Reserved
2026-06-11 07:56 UTC
Published
2026-07-17 06:00 UTC
Last updated
2026-07-17 06:00 UTC
Vendor / Product
Unknown / User Registration & Membership
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Unknown User Registration & Membership 0 < 5.2.3
Weakness (CWE)
CWESourceDescription
cna CWE-269 Improper Privilege Management
Back to overview