Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated network exploitation (AV:N/PR:N/UI:N); AC:H because full admin impact needs a published admin-mapped tier to exist; C/I/A:H reflect potential full site takeover.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
The User Registration & Membership WordPress plugin before 5.2.3 does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user role, allowing unauthenticated users to register into an arbitrary published membership tier and obtain its role - up to administrator when such a tier exists.
AnalysisAI
Privilege escalation in the User Registration & Membership WordPress plugin before 5.2.3 lets unauthenticated visitors self-assign an arbitrary published membership tier during public registration, gaining that tier's user role - including administrator where such a tier exists. The plugin never validates that the tier submitted in the registration form is one the form actually offers, so an attacker simply tampers with the submitted tier value. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the site to expose a public (unauthenticated) registration form from the plugin and the target privileged role to be bound to a membership tier that is published; the attacker manipulates the membership-tier value submitted during registration, which the plugin fails to validate against the form's allowed tiers. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This is a genuine high-priority issue where the attacker prerequisites are met. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker visits a WordPress site running the plugin, opens a public membership registration form, and submits the request while tampering with the membership-tier parameter to reference a higher-privilege published tier such as an administrator-mapped one. Because the server does not validate the tier against the form's allowed set, the new account is granted that tier's role, potentially yielding full administrative control. … |
| Remediation | Upgrade the plugin to version 5.2.3 or later (Vendor-released patch: 5.2.3), which enforces that the submitted membership tier belongs to the tiers the registration form permits. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, update the User Registration & Membership plugin to version 5.2.3 or later across all affected WordPress installations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in User Registration Membership
View allThe User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their accou
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when
Payment-verification bypass in the User Registration & Membership WordPress plugin before 5.2.2 lets unauthenticated att
Privilege escalation in the User Registration & Membership WordPress plugin before 5.2.2 lets any authenticated low-priv
The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticate
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.3.2.1. Rated high severity (CVSS 7.4), th
The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vuln
The User Registration - Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is
The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vuln
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45146
GHSA-55mp-h634-7h25