Critical WordPress Plugin Flaw Grants Hackers Full Admin Access, CVE-2026-1492
April 18, 2026
A critical security flaw in the User Registration & Membership WordPress plugin (versions 5.1.2 and earlier), tracked as CVE-2026-1492, allows unauthenticated attackers to bypass authentication and gain full administrative access to affected sites.
The plugin exposes nonce values in client-side JavaScript that is served to unauthenticated visitors. WordPress nonces are CSRF tokens, not proof of identity or authorization, and for logged-out users the same value is issued to every visitor, so an attacker can read one from the page and use it to submit otherwise-protected backend requests.
The root cause is that the membership registration workflow trusts user-controlled input: the backend accepts request parameters that influence which account is created and which role it receives, and processes those actions without verifying that the caller is authenticated and authorized to perform them.
An attacker can therefore combine the exposed nonce with manipulated request parameters to have the backend assign administrative privileges, all without any credentials.
Once administrative privileges are obtained, the attacker controls the site outright, including access to stored user data, which widens the impact well beyond the initial account takeover.
Because the weakness lies in server-side validation and authorization within the membership registration workflow, nothing an administrator changes on the client side mitigates it; sites running an affected version should be treated as exposed until the plugin is updated.
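The pattern described above, shown as an added illustration rather than the affected plugin's own code: a vulnerable admin-ajax handler that treats a publicly exposed nonce as its only gate and reads the target role from the request, beside a hardened version that separates CSRF protection from authentication and authorization and derives the role server-side. All hook names, function names (`ur_assign_role_*`, `ur_membership_role_for_plan`) and the role allowlist are hypothetical.

```php
<?php
// Added example, not code from the User Registration & Membership plugin.
// Hook names, function names and role names below are hypothetical.

// The nonce is pushed to every visitor via wp_localize_script(), so it is public.
// WordPress nonces are CSRF tokens, not authorization: for logged-out users they
// are derived from user ID 0 and an empty session token, so every anonymous
// visitor holds the same value and can reuse it against any handler it covers.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'ur-frontend', plugins_url( 'frontend.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'ur-frontend', 'urData', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'ur_membership' ),
    ) );
} );

// --- Vulnerable pattern ---------------------------------------------------
// Reachable by unauthenticated users (nopriv hook), gated only by the public
// nonce, and the role comes straight from the request body.
function ur_assign_role_vulnerable() {
    check_ajax_referer( 'ur_membership', 'nonce' );   // passes for anyone holding the page nonce
    $user_id = absint( $_POST['user_id'] ?? 0 );      // attacker-chosen
    $role    = sanitize_key( $_POST['role'] ?? '' );  // attacker-chosen, e.g. 'administrator'
    $user    = get_user_by( 'id', $user_id );
    if ( $user ) {
        $user->set_role( $role );                      // no capability check, no allowlist
        wp_send_json_success();
    }
    wp_send_json_error();
}
// Registered under a separate action name here only so both handlers can sit in one file.
add_action( 'wp_ajax_ur_assign_role_vuln',        'ur_assign_role_vulnerable' );
add_action( 'wp_ajax_nopriv_ur_assign_role_vuln', 'ur_assign_role_vulnerable' );

// --- Hardened pattern -----------------------------------------------------
function ur_assign_role_hardened() {
    check_ajax_referer( 'ur_membership', 'nonce' );   // still needed, but for CSRF only

    // 1. Authentication: the handler is not registered on the nopriv hook, and
    //    re-checks login state so a later registration mistake cannot reopen it.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not authenticated', 401 );
    }

    // 2. Authorization: only callers who may change other users' roles proceed.
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. The role is derived from the membership plan on the server; the
    //    request never names a role.
    $user_id = absint( $_POST['user_id'] ?? 0 );
    $plan_id = absint( $_POST['plan_id'] ?? 0 );
    $role    = ur_membership_role_for_plan( $plan_id );

    // 4. Allowlist: membership plans may only ever map to low-privilege roles,
    //    so a corrupted plan record cannot hand out 'administrator' either.
    $allowed = array( 'subscriber', 'ur_member' );
    if ( ! in_array( $role, $allowed, true ) ) {
        wp_send_json_error( 'invalid role', 400 );
    }

    $user = get_user_by( 'id', $user_id );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }
    $user->set_role( $role );
    wp_send_json_success();
}
add_action( 'wp_ajax_ur_assign_role', 'ur_assign_role_hardened' );   // deliberately no nopriv hook

// Hypothetical lookup; a real plugin would read the plan's configured role from its settings.
function ur_membership_role_for_plan( $plan_id ) {
    $plans = array( 1 => 'subscriber', 2 => 'ur_member' );
    return $plans[ $plan_id ] ?? '';
}
```

The two handlers differ in exactly the three places the advisory points at: whether unauthenticated callers can reach the code at all, whether the caller's capability is checked before a privileged action, and whether the privilege being granted is taken from the request or computed on the server. Passing `check_ajax_referer()` satisfies none of those; when reviewing a plugin, treat a nonce check that is the only guard on a state-changing endpoint as a finding in itself.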
