Bleepingcomputer
Critical Vulnerability in WordPress Plugin Exploited for Unauthorized Admin Access
First seen 5 Mar 2026, 19:12 UTC
•



+3
•85% similarity
•71.2
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A critical vulnerability (CVE-2026-1492) in the User Registration & Membership plugin, used by over 60,000 WordPress sites, is being actively exploited by hackers to create unauthorized admin accounts. The vulnerability has a severity rating of 9.8, indicating a significant risk to affected sites, which can lead to unauthorized access and control.
ThreatCluster AI
Timeline
2026-01-14
CVE-2026-23550 published
2026-01-16
First public PoC for CVE-2026-23550
2026-03-03
CVE-2026-1492 published
2026-03-05
Active exploitation reported in the wild