PT-2026-52683 · Wpeverest · User Registration & Membership – Free & Paid Memberships

Supakiad S

Published

2026-06-26

Updated

2026-06-26

CVE-2026-1869

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirm payment() function in all versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to bypass payment processing and activate paid memberships.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2026-1869

Affected Products

User Registration & Membership – Free & Paid Memberships

PT-2026-52683 · Wpeverest · User Registration & Membership – Free & Paid Memberships

CVE-2026-1869

Weakness Enumeration

Related Identifiers

Affected Products

References · 3