CVE-2026-11965
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership su
CVSS
6.5
Medio
EPSS
0.2%
p6
KEV
—
Exploit Today
2
0-100
Publicado: 2 jul 2026 · Última mod.: 2 jul 2026
0.1%EPSS · 30 días0.2%
2026-07-022026-07-17
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users (after self-registering an account through the open registration flow) to obtain an active subscription on any paid plan without paying and access the gated content.
Sin CVEs relacionados por CWE o producto.