Critical WordPress Plugin Flaw Grants Hackers Full Site Control, Urgent Update Required
April 18, 2026
A critical security flaw in the User Registration & Membership WordPress plugin (versions 5.1.2 and earlier) can allow unauthenticated attackers to bypass authentication and gain full administrative access to affected sites.
Nonce values exposed in the plugin's client-side JavaScript are readable by unauthenticated users, which lets them submit otherwise unauthorized backend requests and increases the risk of administrative access.
Remediation involves upgrading to a non-vulnerable plugin version, auditing authentication checks, and securing client-side data and nonce handling to prevent exploitation.
Attackers can exploit the flaw by abusing exposed client-side data and manipulating parameters that influence authentication and privilege assignment, without needing credentials.
Once they hold administrative privileges, attackers can access sensitive user data and potentially take full control of the site.
The vulnerability, tracked as CVE-2026-1492, stems from improper server-side validation and weak authorization checks within the plugin’s membership registration workflow.
Backend endpoints handling membership actions lack proper authentication or authorization checks, enabling privilege escalation.
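The remediation advice above (audit authentication checks, secure nonce handling) and the root cause (membership endpoints without proper authorization, privilege assignment influenced by request parameters) come down to one rule for WordPress plugin code: a nonce is a CSRF token, not an authorization decision, and the role a user receives must be decided server-side. The following is an added illustrative example written for this article, not code from the affected plugin or its vendor; the route name, hook names, capability choice, role and meta key names are hypothetical. It shows a weak endpoint pattern beside a hardened one, and an admin-ajax handler that combines the nonce check with a capability check.

```php
<?php
// Added example for a WordPress plugin; not the vulnerable plugin's code.
// Route, hook, role and meta-key names are hypothetical.

// WEAK PATTERN: everyone passes the permission check, and the role to assign
// comes straight from the request body.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-membership/v1', '/assign-role-weak', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true',             // no authorization at all
        'callback'            => function ( WP_REST_Request $request ) {
            $user_id = (int) $request->get_param( 'user_id' );
            $role    = (string) $request->get_param( 'role' ); // caller-controlled role
            wp_update_user( array( 'ID' => $user_id, 'role' => $role ) );
            return rest_ensure_response( array( 'ok' => true ) );
        },
    ) );
} );

// HARDENED PATTERN: authorization is enforced in permission_callback, input is
// validated, and the request may only name a plan; the server maps plan -> role.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-membership/v1', '/assign-role', array(
        'methods'             => 'POST',
        // The REST cookie nonce (X-WP-Nonce) only shows the request came from this
        // site's own front end; a logged-out visitor holds a valid nonce too.
        // The capability check is what decides whether the action is allowed.
        'permission_callback' => function () {
            return is_user_logged_in() && current_user_can( 'promote_users' );
        },
        'args' => array(
            'user_id' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
                'sanitize_callback' => 'absint',
            ),
            'plan' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_key',
            ),
        ),
        'callback' => function ( WP_REST_Request $request ) {
            // Server-side allow-list of roles a membership workflow may ever assign.
            $plan_roles = array(
                'free'    => 'subscriber',
                'premium' => 'example_premium_member', // hypothetical custom role
            );
            $plan = $request->get_param( 'plan' );
            if ( ! isset( $plan_roles[ $plan ] ) ) {
                return new WP_Error( 'invalid_plan', 'Unknown membership plan.', array( 'status' => 400 ) );
            }
            $user = get_userdata( $request->get_param( 'user_id' ) );
            if ( ! $user ) {
                return new WP_Error( 'no_user', 'User not found.', array( 'status' => 404 ) );
            }
            // Defence in depth: a membership flow must never hand out administrator.
            if ( 'administrator' === $plan_roles[ $plan ] ) {
                return new WP_Error( 'forbidden_role', 'Refusing to assign administrator.', array( 'status' => 403 ) );
            }
            $user->set_role( $plan_roles[ $plan ] );
            return rest_ensure_response( array( 'user_id' => $user->ID, 'role' => $plan_roles[ $plan ] ) );
        },
    ) );
} );

// Same rule for an admin-ajax handler: nonce check (CSRF) AND capability check
// (authorization), acting only on the caller's own account. Note there is
// deliberately no wp_ajax_nopriv_ registration for this privileged action.
add_action( 'wp_ajax_example_membership_cancel', function () {
    check_ajax_referer( 'example_membership_cancel', 'nonce' ); // CSRF protection only
    if ( ! current_user_can( 'read' ) ) {                      // authorization
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }
    $user_id = get_current_user_id(); // never a user_id taken from the request
    update_user_meta( $user_id, 'example_membership_status', 'cancelled' ); // hypothetical meta key
    wp_send_json_success( array( 'user_id' => $user_id ) );
} );
```

When auditing a plugin after an advisory like this one, the checks worth running are: every `register_rest_route` call has a `permission_callback` that is not `__return_true` unless the endpoint is genuinely public; every `wp_ajax_nopriv_` hook is justified; no role or capability value is read from `$_POST`, `$_GET` or a REST parameter; and registration code assigns the role from server configuration (for example `get_option( 'default_role' )` or a fixed allow-list) rather than from anything the client sends. A nonce printed into a page that logged-out users can load should be treated as public, which is why the examples above rely on the capability check and not on the nonce for authorization.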
Summary based on 1 source
