PT-2026-57631 · WordPress · User Registration & Membership

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-11963

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions User Registration & Membership WordPress plugin versions prior to 5.2.2
Description An issue exists where the plugin fails to perform an authorization check during a membership-upgrade action. The system identifies the user to be modified based on a caller-supplied identifier rather than the currently authenticated user. This allows any authenticated user, including those with subscriber-level privileges, to change the WordPress role and membership tier of other users.
Recommendations Update the User Registration & Membership WordPress plugin to version 5.2.2 or later.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-11963

Affected Products

User Registration & Membership