Critical CVE-2026-1492 Vulnerability in WordPress Plugin Allows Admin Takeover
Severity: High (Score: 74.0)
Sources: Gbhackers, Cybersecuritynews
Summary
A critical vulnerability, tracked as CVE-2026-1492, has been discovered in the User Registration & Membership plugin for WordPress. This flaw enables remote attackers to bypass authentication and gain full administrative access without valid credentials. The vulnerability affects versions up to 5.1.2 of the plugin, which is widely used for managing user registrations on WordPress sites. Thousands of websites globally are at risk due to this security issue. The vulnerability was published on March 3, 2026, and has raised significant concerns among security professionals. Immediate action is recommended to mitigate potential exploitation. No specific exploits have been reported yet, but the ease of access poses a serious threat to affected sites.
Key Points:
- CVE-2026-1492 allows attackers to bypass authentication and gain admin access.
- The vulnerability affects versions of the User Registration & Membership plugin up to 5.1.2.
- Thousands of WordPress sites are potentially vulnerable, necessitating urgent patching.
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2026-1492 (cve)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- WordPress (platform)