A critical security vulnerability in a widely used WordPress plugin is being actively exploited by hackers, potentially allowing attackers to gain full administrative control of more than 60,000 websites, cybersecurity researchers have warned.
The flaw, identified as CVE‑2026‑1492, carries a severity score of 9.8, placing it among the most serious categories of security risks.
The vulnerability affects the User Registration and Membership plugin, which is widely used for managing user sign-ups, memberships, custom registration forms, payment integrations, and analytics tools on WordPress websites.
How the Attack Works
According to security experts, the flaw stems from a privilege management weakness in the plugin’s registration system.
During the sign-up process, the plugin fails to properly verify the role assigned to new users. Instead, it accepts a role value directly from the registration request submitted by the user.
Attackers can exploit this by intercepting the request and inserting an administrator role into the data payload. Because the server does not validate the role against a restricted list, the attacker is instantly granted full administrator access.
Full Control of Compromised Websites
With administrator privileges, attackers can take complete control of a website. This includes installing malicious plugins, altering site code, modifying security settings, changing content, or even locking out legitimate administrators.
Security experts warn that compromised sites could also be used to steal databases containing user information, distribute malware to visitors, or launch broader cyberattacks.
Researchers monitoring the vulnerability said more than 200 exploitation attempts were blocked within a 24-hour period, indicating active targeting of vulnerable sites.
Patch Released
The vulnerability affects all versions of the plugin up to 5.1.2. Developers have released a fix in version 5.1.3, with version 5.1.4 currently available.
Website administrators are strongly advised to update the plugin immediately, review user accounts for unauthorized administrator profiles, remove suspicious accounts, and rotate passwords to prevent continued access through compromised sessions.
