CVE-2026-11965
User Registration & Membership < 5.2.0 - Unauthenticated Paid Membership Bypass
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users (after self-registering an account through the open registration flow) to obtain an active subscription on any paid plan without paying and access the gated content.
| Vendor | unknown |
| Product | user registration & membership |
| Published | Jul 2, 2026 |
| Last Updated | Jul 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown user registration & membership
Be the first to know when new medium vulnerabilities affecting unknown user registration & membership are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / User Registration & Membership
0 < 5.2.0
References
Credits
John Umoru WPScan