Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Unauthenticated remote webhook forgery (AV:N/AC:L/PR:N/UI:N); primary impact is integrity from activating memberships (I:H), with only limited confidentiality from gained content access (C:L) and no availability impact.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
5DescriptionCVE.org
The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without completing a real payment.
Articles & Coverage 2
AnalysisAI
Payment-verification bypass in the User Registration & Membership WordPress plugin before 5.2.2 lets unauthenticated attackers forge a payment-provider webhook to mark a subscription as paid, activating premium memberships without any real transaction. WPScan reports publicly available exploit code, though there is no public exploit identified as being used in active attacks (not in CISA KEV). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The specific prerequisite is that the site runs the User Registration & Membership plugin (before 5.2.2) with paid membership/subscription functionality enabled and its payment-provider webhook/callback endpoint exposed - which is the normal configuration for any site selling memberships. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, score 9.1) reflects a network-reachable, low-complexity, unauthenticated attack with no user interaction - highly favorable for an attacker. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker signs up (or targets an existing pending order) on a site running the vulnerable plugin, then sends a crafted HTTP POST to the plugin's payment webhook endpoint mimicking a 'payment approved' event for their account. Because the plugin does not verify the notification's authenticity, it activates the paid membership and grants access to gated content - with no payment made. … |
| Remediation | Vendor-released patch: upgrade the User Registration & Membership plugin to version 5.2.2 or later, which is available from the vendor per the WPScan advisory (https://wpscan.com/vulnerability/faf55649-8f76-4abf-a6b9-0d0774e22d29/). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, immediately disable the User Registration & Membership plugin and review webhook and subscription logs for suspicious activity indicating exploitation. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in User Registration Membership
View allThe User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their accou
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when
Privilege escalation in the User Registration & Membership WordPress plugin before 5.2.2 lets any authenticated low-priv
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.3.2.1. Rated high severity (CVSS 7.4), th
The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vuln
The User Registration - Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is
The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vuln
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43285
GHSA-6f2x-47pc-8mpq