Critical Vulnerability in WordPress Plugin Exploited for Unauthorized Admin Access

Critical Vulnerability in WordPress Plugin Exploited for Unauthorized Admin Access

First seen 5 Mar 2026, 19:12 UTC SearchenginejournalBleepingcomputerGbhackersCyberpressCybersecuritynews+3 85% similarity 71.2

Article Content

Browse articles
ThreatCluster

A critical vulnerability (CVE-2026-1492) in the User Registration & Membership plugin, used by over 60,000 WordPress sites, is being actively exploited by hackers to create unauthorized admin accounts. The vulnerability has a severity rating of 9.8, indicating a significant risk to affected sites, which can lead to unauthorized access and control.

ThreatCluster AI

Timeline

2026-01-14
CVE-2026-23550 published
2026-01-16
First public PoC for CVE-2026-23550
2026-03-03
CVE-2026-1492 published
2026-03-05
Active exploitation reported in the wild

Community

Browse all →