CVE-2026-11963
The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and
CVSS
8.1
Alto
EPSS
0.2%
p10
KEV
—
Exploit Today
3
0-100
Publicado: 13 jul 2026 · Última mod.: 13 jul 2026
0.1%EPSS · 30 días0.2%
2026-07-132026-07-17
The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change another user's WordPress role and membership tier.
Sin CVEs relacionados por CWE o producto.