User Registration & Membership unauthenticated admin account creation security flaw (CVE-2026-1492)
Vulnerability
Summary
Active exploitation of CVE-2026-1492 in the User Registration & Membership plugin can let attackers create administrator accounts without authentication, putting 60,000+ WordPress sites at risk. The flaw exists because the plugin accepts a user-supplied role during membership registration. It affects all versions through 5.1.2. WPEverest fixed the issue in 5.1.3, and admins are advised to move to 5.1.4 or temporarily disable/uninstall the plugin.
Related Happenings
WordPress.org closes compromised EssentialPlugin plugins with forced update
Security Tool/Service
First: 15.04.2026 23:33
Last: 15.04.2026 23:33
Sources 1
About this happening:
**WordPress.org** closed the compromised **EssentialPlugin** plugins and forced an update, changing how affected sites received and ran the package. The move mattered because the...
Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)
Advisory/Mitigation
First: 03.02.2026 18:15
Last: 03.02.2026 18:15
Sources 1
About this happening:
**Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...
Service Finder WordPress theme active auth bypass exploitation wave (CVE-2025-5947)
Exploitation Wave
First: 08.10.2025 18:57
Last: 08.10.2025 18:57
Sources 1
About this happening:
**CVE-2025-5947** is being exploited at scale against the **Service Finder WordPress theme**, with attackers using an authentication bypass to log in as administrators and take ov...
Timeline
05.03.2026 20:44 · 2 articles
Active exploitation of CVE-2026-1492 in User Registration & Membership
Initial Disclosure
Defiant says hackers are exploiting CVE-2026-1492 in the User Registration & Membership WordPress plugin, which is installed on more than 60,000 sites; the flaw lets an unauthenticated attacker create administrator accounts, enabling full site control, data theft, and malware delivery. Wordfence has blocked more than 200 exploit attempts in customer environments in the past 24 hours, and administrators are advised to update from versions through 5.1.2 to 5.1.4 or temporarily disable or uninstall the plugin if patching is not possible.
Sources:
- WordPress membership plugin bug exploited to create admin accounts — www.bleepingcomputer.com — 05.03.2026 20:44