PT-2026-57631 · WordPress · User Registration & Membership
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-11963
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
User Registration & Membership WordPress plugin versions prior to 5.2.2
Description
An issue exists where the plugin fails to perform an authorization check during a membership-upgrade action. The system identifies the user to be modified based on a caller-supplied identifier rather than the currently authenticated user. This allows any authenticated user, including those with subscriber-level privileges, to change the WordPress role and membership tier of other users.
Recommendations
Update the User Registration & Membership WordPress plugin to version 5.2.2 or later.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
User Registration & Membership