Critical WordPress Plugin Bug Allows Authentication Bypass, Admin Takeover
ID: 3530cb66-13eb-5df4-aacf-ca41139656e8
STIX ID: report--3530cb66-13eb-5df4-aacf-ca41139656e8
Feed Name: Cyber Press
**CVE-2026-1492:** A critical authentication-bypass vulnerability in the User Registration & Membership WordPress plugin (≤ v5.1.2) allows unauthenticated attackers to reuse client-exposed nonces to craft AJAX requests to /wp-admin/admin-ajax.php. This enables administrative account creation, role elevation, plugin/theme modification, and full site takeover. The vendor patched the issue in v5.1.3; administrators should upgrade and monitor for suspicious POSTs to AJAX endpoints.
