CVE-2026-1779 Meta — Exploit & Vulnerability Details HIGH

CVE-2026-1779

HIGH CVSS 3.1: 8.1 EPSS 0.19%

Parameter	Value
CVSS	8.1 (HIGH)
Type	CWE-288 (Authentication Bypass Using Alternate Path)
Vendor	Meta
Public PoC	No

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-288 Authentication Bypass Using Alternate Path

References 2

https://plugins.trac.wordpress.org/browser/user-registration/tags/5.0.4/modules…

security@wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/d99bc021-ba9e-4294-8d…

security@wordfence.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-35569

Meta

8.7

CVE-2026-40096

Meta

5.1

CVE-2026-2305

Meta

6.4

CVE-2026-4664

Meta

5.3

CVE-2026-5437

Meta

None

Menu

CVE-2026-1779

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-35569

CVE-2026-40096

CVE-2026-2305

CVE-2026-4664

CVE-2026-5437

CVE Details

Editor's Choice

Menu

CVE-2026-1779

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-35569

CVE-2026-40096

CVE-2026-2305

CVE-2026-4664

CVE-2026-5437

CVE Details

Editor's Choice

Stay informed on cybersecurity