CVE-2026-4056
Received Received - Intake
Unauthorized Data Modification in WordPress User Registration Plugin

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: Wordfence

Description
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the `check_permissions()` method only checking for `edit_posts` capability instead of an administrator-level capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to list, create, modify, toggle, duplicate, and delete site-wide content restriction rules, potentially exposing restricted content or denying legitimate user access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4056
EUVD
EUVD-2026-14656
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wp_user_registration_membership plugin From 5.0.1 (inc) to 5.1.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'The User Registration & Membership plugin for WordPress versions 5.0.1 through 5.1.4 has a vulnerability due to a missing proper capability check on its Content Access Rules REST API endpoints.'}, {'type': 'paragraph', 'content': "Specifically, the plugin's `check_permissions()` method only verifies if a user has the `edit_posts` capability, which is a relatively low-level permission, instead of requiring an administrator-level capability."}, {'type': 'paragraph', 'content': 'This flaw allows authenticated users with Contributor-level access or higher to list, create, modify, toggle, duplicate, and delete site-wide content restriction rules via the REST API.'}, {'type': 'paragraph', 'content': 'These content restriction rules control access to restricted content on the site, so unauthorized modification can expose restricted content or deny legitimate users access.'}] [1]

Impact Analysis

This vulnerability can impact you by allowing attackers with Contributor-level or higher access to manipulate content access rules on your WordPress site.

Such attackers could potentially:

  • Expose restricted content that should only be available to certain users.
  • Deny legitimate users access to content by modifying or disabling access rules.
  • Create, duplicate, or delete content restriction rules, disrupting the intended content access controls.

Overall, this could lead to unauthorized data exposure or denial of service regarding content access on your site.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the User Registration & Membership WordPress plugin versions 5.0.1 through 5.1.4 are installed and active on your system.'}, {'type': 'paragraph', 'content': "You can also detect unauthorized access attempts by monitoring REST API calls to the plugin's content access rules endpoints under the namespace `user-registration/v1` and the base route `content-access-rules`."}, {'type': 'paragraph', 'content': 'Specifically, look for REST API requests to the following endpoints which should require administrator-level permissions but in vulnerable versions only require `edit_posts` capability:'}, {'type': 'list_item', 'content': 'GET /wp-json/user-registration/v1/content-access-rules'}, {'type': 'list_item', 'content': 'POST /wp-json/user-registration/v1/content-access-rules'}, {'type': 'list_item', 'content': 'GET /wp-json/user-registration/v1/content-access-rules/{id}'}, {'type': 'list_item', 'content': 'POST /wp-json/user-registration/v1/content-access-rules/{id}/toggle-status'}, {'type': 'list_item', 'content': 'POST /wp-json/user-registration/v1/content-access-rules/{id}'}, {'type': 'list_item', 'content': 'POST /wp-json/user-registration/v1/content-access-rules/{id}/duplicate'}, {'type': 'list_item', 'content': 'DELETE /wp-json/user-registration/v1/content-access-rules/{id}'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts or unauthorized access, you can use web server logs or tools like curl or wget to simulate or monitor these REST API calls.'}, {'type': 'paragraph', 'content': 'Example command to test access (replace example.com with your domain):'}, {'type': 'list_item', 'content': 'curl -X GET https://example.com/wp-json/user-registration/v1/content-access-rules -H "Authorization: Bearer <token>"'}, {'type': 'paragraph', 'content': 'If a user with Contributor-level access can successfully retrieve or modify content access rules via these endpoints, the system is vulnerable.'}] [1, 4]

Mitigation Strategies

The immediate mitigation step is to update the User Registration & Membership plugin to version 5.1.5 or later, where the permission check was corrected to require administrator-level capability (`manage_options`) instead of `edit_posts`.

This update restricts access to the REST API endpoints managing content access rules to only users with administrative privileges, preventing unauthorized modification.

If updating immediately is not possible, consider temporarily restricting access to the REST API endpoints related to content access rules by:

  • Blocking or limiting access to `/wp-json/user-registration/v1/content-access-rules` endpoints via web server rules or firewall.
  • Restricting REST API access to trusted administrator IP addresses.
  • Reviewing and limiting user roles and capabilities to ensure no untrusted users have Contributor-level or higher access.

Additionally, monitor logs for suspicious REST API activity targeting these endpoints and revoke or reset credentials if unauthorized access is suspected.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4056. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart