๐Ÿ” CVE Alert

CVE-2026-11965

MEDIUM 6.5

User Registration & Membership < 5.2.0 - Unauthenticated Paid Membership Bypass

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users (after self-registering an account through the open registration flow) to obtain an active subscription on any paid plan without paying and access the gated content.

Vendor unknown
Product user registration & membership
Published Jul 2, 2026
Last Updated Jul 2, 2026
Stay Ahead of the Next One

Get instant alerts for unknown user registration & membership

Be the first to know when new medium vulnerabilities affecting unknown user registration & membership are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / User Registration & Membership
0 < 5.2.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/49f4c59e-5931-405d-8518-244531bbc889/

Credits

John Umoru WPScan