ThreatCluster

Critical CVE-2026-1492 Vulnerability in WordPress Plugin Allows Admin Takeover

First seen 13 Apr 2026, 10:13 UTC GbhackersCybersecuritynews 91% similarity 74

Article Content

Browse articles
ThreatCluster

A critical vulnerability, tracked as CVE-2026-1492, has been discovered in the User Registration & Membership plugin for WordPress. This flaw enables remote attackers to bypass authentication and gain full administrative access without valid credentials. The vulnerability affects versions up to 5.1.2 of the plugin, which is widely used for managing user registrations on WordPress sites. Thousands of websites globally are at risk due to this security issue. The vulnerability was published on March 3, 2026, and has raised significant concerns among security professionals. Immediate action is recommended to mitigate potential exploitation. No specific exploits have been reported yet, but the ease of access poses a serious threat to affected sites.

Key Points: • CVE-2026-1492 allows attackers to bypass authentication and gain admin access. • The vulnerability affects versions of the User Registration & Membership plugin up to 5.1.2. • Thousands of WordPress sites are potentially vulnerable, necessitating urgent patching.

ThreatCluster AI

Timeline

2026-03-03
CVE-2026-1492 published
2026-04-13
Vulnerability disclosed in cybersecurity articles

Community

Browse all →