Donate Telegram

CVE-2026-1779

HIGH CVSS 3.1: 8.1 EPSS 0.13%

Feb 26, 2026

Updated Feb 26, 2026

Meta

Parameter	Value
CVSS	8.1 (HIGH)
Type	CWE-288 (Authentication Bypass Using Alternate Path (Обход аутентификации))
Vendor	Meta
Public PoC	No

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

High

Сложно эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

High

Полная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-288 Authentication Bypass Using Alternate Path (Обход аутентификации)

References 2

https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules…

security@wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8d…

security@wordfence.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-2593

Meta

CVE-2026-2893

Meta

CVE-2026-2356

Meta

CVE-2026-2498

Meta

CVE-2026-2301

Meta

CVE Details

CVE ID

CVE-2026-1779

Published Date

Feb 26, 2026

Vendor

Meta

Severity

HIGH

CVSS v3.1 Score

8.1

High severity. Prioritize patching.

Attack Analysis

Exploitability 2.2/10

How easy to exploit

Impact 5.9/10

Severity of consequences

Exploit Prediction (EPSS)

Probability of Exploit 0.13%

Likelihood of exploitation in next 30 days

Percentile: 32.6th percentile (higher than 32.6% of all CVEs)

Standard patching cycle

Impact

Full data disclosure

Complete data modification

Denial of Service

Source

Editor's Choice