CVE-2026-4056

Name of the Vulnerable Software and Affected Versions User Registration & Membership plugin for WordPress versions 5.0.1 through 5.1.4

Description The plugin has a flaw allowing unauthorized data modification. This is due to an insufficient capability check on the Content Access Rules REST API endpoints. The check permissions() method only verifies the edit posts capability instead of requiring administrator-level permissions. Authenticated attackers with Contributor-level access or higher can list, create, modify, toggle, duplicate, and delete site-wide content restriction rules. This could lead to the exposure of restricted content or denial of access to legitimate users. The affected API endpoints are the Content Access Rules REST API endpoints. The vulnerable parameter is not specified.

Recommendations Update to a version beyond 5.1.4.