WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass

A newly disclosed vulnerability, tracked as CVE-2026-1492, has been identified in the User Registration & Membership plugin for WordPress, exposing websites to critical authentication bypass and privilege escalation risks. Affecting versions up to 5.1.2, the vulnerability allows remote attackers to gain full administrative access without valid credentials. The affected plugin, widely used to manage user registration and membership […] The post WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/wordpress-plugin-vulnerability-6/