CVE-2026-1779HIGH 8.1EPSS p25.1%

CVE-2026-1779CVE-2026-1779

Description

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.34% probability of exploitation · percentile 25.1% · 2026-06-19T12:03:05Z
Published2026-02-26
Last modified2026-04-15

Underlying weaknesses· 1

CWE-288

References

  1. https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules/membership/includes/AJAX.php#L246
  2. https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8dd2-c25bc8007d05?source=cve

1

TypeTargetConfidenceTier
WeaknessAuthentication Bypass Using an Alternate Path or Channelcwe-2880%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-1492
CVE
CVE-2025-2594
CVE
CVE-2025-2563
CVE
CVE-2025-67956
CVE
CVE-2025-3278
CVE
CVE-2026-0844
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.