The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirm_payment() function in all versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to bypass payment processing and activate paid memberships.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|
References
History
Fri, 26 Jun 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirm_payment() function in all versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to bypass payment processing and activate paid memberships. | |
| Title | User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass | |
| Weaknesses | CWE-862 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-06-26T07:54:20.843Z
Reserved: 2026-02-03T22:55:07.904Z
Link: CVE-2026-1869
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-26T09:30:16Z