Skip to main content

User Registration Membership CVE-2026-11961

| EUVDEUVD-2026-45146 HIGH
Improper Privilege Management (CWE-269)
2026-07-17 WPScan GHSA-55mp-h634-7h25
8.1
CVSS 3.1 · Vendor: WPScan
Share

Severity by source

Vendor (WPScan) PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.1 HIGH

Unauthenticated network exploitation (AV:N/PR:N/UI:N); AC:H because full admin impact needs a published admin-mapped tier to exist; C/I/A:H reflect potential full site takeover.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (WPScan).

CVSS VectorVendor: WPScan

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 17, 2026 - 14:24 vuln.today
CVSS changed
Jul 17, 2026 - 14:22 NVD
8.1 (HIGH)
Patch available
Jul 17, 2026 - 08:02 EUVD
CVE Published
Jul 17, 2026 - 06:00 cve.org
HIGH 8.1
CVE Published
Jul 17, 2026 - 06:00 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

The User Registration & Membership WordPress plugin before 5.2.3 does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user role, allowing unauthenticated users to register into an arbitrary published membership tier and obtain its role - up to administrator when such a tier exists.

AnalysisAI

Privilege escalation in the User Registration & Membership WordPress plugin before 5.2.3 lets unauthenticated visitors self-assign an arbitrary published membership tier during public registration, gaining that tier's user role - including administrator where such a tier exists. The plugin never validates that the tier submitted in the registration form is one the form actually offers, so an attacker simply tampers with the submitted tier value. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Locate public membership registration form
Delivery
Submit registration with tampered tier value
Exploit
Server skips tier validation (CWE-269)
Execution
Account assigned privileged tier role
Persist
Log in as administrator
Impact
Full site takeover

Vulnerability AssessmentAI

Exploitation Exploitation requires the site to expose a public (unauthenticated) registration form from the plugin and the target privileged role to be bound to a membership tier that is published; the attacker manipulates the membership-tier value submitted during registration, which the plugin fails to validate against the form's allowed tiers. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuine high-priority issue where the attacker prerequisites are met. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker visits a WordPress site running the plugin, opens a public membership registration form, and submits the request while tampering with the membership-tier parameter to reference a higher-privilege published tier such as an administrator-mapped one. Because the server does not validate the tier against the form's allowed set, the new account is granted that tier's role, potentially yielding full administrative control. …
Remediation Upgrade the plugin to version 5.2.3 or later (Vendor-released patch: 5.2.3), which enforces that the submitted membership tier belongs to the tiers the registration form permits. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, update the User Registration & Membership plugin to version 5.2.3 or later across all affected WordPress installations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-11961 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy