Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
WordPress plugin endpoint reachable over the network with no auth or user interaction (AV:N/AC:L/PR:N/UI:N); description and CWE-862 with A:H impact only support C:N/I:N/A:H, scope unchanged.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
AnalysisAI
Unauthenticated availability-impacting broken access control affects the ThemeGrill User Registration WordPress plugin versions 5.1.2 and earlier, allowing remote attackers to invoke privileged actions without credentials. The CVSS 7.5 score (AV:N/AC:L/PR:N/UI:N) reflects pure availability impact (A:H) with no confidentiality or integrity loss, and no public exploit identified at time of analysis. The flaw is classified as CWE-862 Missing Authorization and tracked by Patchstack and ENISA EUVD-2026-36911.
Technical ContextAI
User Registration is a popular WordPress plugin by ThemeGrill (CPE cpe:2.3:a:themegrill:user_registration) providing customizable registration forms, user profile management, and account workflows. CWE-862 (Missing Authorization) indicates that one or more plugin endpoints - typically AJAX actions or REST routes registered via add_action('wp_ajax_nopriv_*') or register_rest_route() - perform sensitive operations without invoking current_user_can() or a comparable capability check. Because the CVSS vector reports zero confidentiality or integrity impact but high availability impact, the missing check most plausibly guards a destructive or state-mutating operation (e.g., deleting user data, resetting form configuration, or triggering resource-exhausting routines) rather than a data read or privilege escalation path.
RemediationAI
Patch available per vendor advisory - upgrade the User Registration plugin to the latest release above 5.1.2 as published by ThemeGrill; the released patched version is not explicitly enumerated in the provided intelligence, so verify the fixed version through the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-5-1-2-broken-access-control-vulnerability) and the plugin page on wordpress.org before deploying. Until upgrade is possible, restrict access to /wp-admin/admin-ajax.php and /wp-json/user-registration/* endpoints via a WAF rule or web server ACL limiting them to known IP ranges, accepting that this will break legitimate front-end registration flows that rely on those endpoints. As a stronger temporary control, deactivate the plugin entirely (which disables registration features on the site) until the patched version is verified and installed.
More in User Registration
View allThe User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and
The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX ac
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url val
The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1
The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could all
A privilege escalation vulnerability exists in the wpeverest User Registration WordPress plugin through version 4.4.9 du
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Reg
The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vuln
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36911
GHSA-95h9-jr25-cwvj