Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from Vendor (WPScan) · only source for this CVE.
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pending user accounts.
Analysis
The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pending user accounts.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
More in User Registration Membership
View allThe User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their accou
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when
Payment-verification bypass in the User Registration & Membership WordPress plugin before 5.2.2 lets unauthenticated att
Privilege escalation in the User Registration & Membership WordPress plugin before 5.2.3 lets unauthenticated visitors s
Privilege escalation in the User Registration & Membership WordPress plugin before 5.2.2 lets any authenticated low-priv
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.3.2.1. Rated high severity (CVSS 7.4), th
The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vuln
The User Registration - Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is
The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vuln
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45147
GHSA-2wp6-4gxm-vfvx