CVE-2026-4056
Status: Received - Intake
Unauthorized Data Modification in WordPress User Registration Plugin

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: Wordfence

Description
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the `check_permissions()` method only checking for `edit_posts` capability instead of an administrator-level capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to list, create, modify, toggle, duplicate, and delete site-wide content restriction rules, potentially exposing restricted content or denying legitimate user access.
Meta Information
Published: 2026-03-24
Last Modified: 2026-03-24
Generated: 2026-05-07
AI Q&A: 2026-03-24
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: wp_user_registration_membership
Product: plugin
Version / Range: From 5.0.1 (inc) to 5.1.4 (inc)
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

The User Registration & Membership plugin for WordPress versions 5.0.1 through 5.1.4 has a vulnerability due to a missing proper capability check on its Content Access Rules REST API endpoints.

Specifically, the plugin's `check_permissions()` method only verifies that the user has the `edit_posts` capability, which WordPress grants to every default role from Contributor upward, instead of requiring an administrator-level capability.

This flaw allows authenticated users with Contributor-level access or higher to list, create, modify, toggle, duplicate, and delete site-wide content restriction rules via the REST API.

These content restriction rules control access to restricted content on the site, so unauthorized modification can expose restricted content or deny legitimate users access. [1]
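To make the missing-authorization pattern concrete, the following controller is an added illustration for this page, not the plugin's actual source. The REST namespace, the base route and the two capability names (`edit_posts`, `manage_options`) come from the advisory text above; the class name, the option that stores the rules, and the method names are assumed. It shows the weak `permission_callback` beside the hardened one so the difference is visible at the single place where WordPress decides who may reach a route.

```php
<?php
/**
 * Illustrative controller for the CWE-862 pattern described above.
 * Added example for this page; not the plugin's code. Namespace, route and
 * capabilities are from the advisory; class, option and method names are assumed.
 */
class Illustrative_Content_Access_Rules_Controller {

	const REST_NAMESPACE = 'user-registration/v1';
	const REST_BASE      = 'content-access-rules';
	const RULES_OPTION   = 'illustrative_content_access_rules'; // assumed storage

	public function register_routes() {
		// One permission_callback guards every route in the collection, so the
		// single capability it checks decides who can manage all site-wide rules.
		register_rest_route( self::REST_NAMESPACE, '/' . self::REST_BASE, array(
			array(
				'methods'             => WP_REST_Server::READABLE,
				'callback'            => array( $this, 'list_rules' ),
				'permission_callback' => array( $this, 'check_permissions' ),
			),
			array(
				'methods'             => WP_REST_Server::CREATABLE,
				'callback'            => array( $this, 'create_rule' ),
				'permission_callback' => array( $this, 'check_permissions' ),
			),
		) );
	}

	/**
	 * Vulnerable form (the behaviour the advisory describes for 5.0.1 - 5.1.4).
	 * edit_posts is held by Contributor, Author, Editor and Administrator on a
	 * default install, so any Contributor passes and can rewrite the rules.
	 */
	public function check_permissions_vulnerable() {
		return current_user_can( 'edit_posts' );
	}

	/**
	 * Fixed form: manage_options is administrator-only by default. Returning a
	 * WP_Error gives the client a structured rest_forbidden response;
	 * rest_authorization_required_code() yields 401 for anonymous callers and
	 * 403 for authenticated ones that lack the capability.
	 */
	public function check_permissions() {
		if ( current_user_can( 'manage_options' ) ) {
			return true;
		}
		return new WP_Error(
			'rest_forbidden',
			'Sorry, you are not allowed to manage content access rules.',
			array( 'status' => rest_authorization_required_code() )
		);
	}

	public function list_rules() {
		return rest_ensure_response( get_option( self::RULES_OPTION, array() ) );
	}

	public function create_rule( WP_REST_Request $request ) {
		$rules   = get_option( self::RULES_OPTION, array() );
		$rules[] = array(
			'name'    => sanitize_text_field( (string) $request->get_param( 'name' ) ),
			'enabled' => (bool) $request->get_param( 'enabled' ),
		);
		update_option( self::RULES_OPTION, $rules );
		return rest_ensure_response( end( $rules ) );
	}
}

add_action( 'rest_api_init', function () {
	( new Illustrative_Content_Access_Rules_Controller() )->register_routes();
} );
```

The practical lesson is that a `permission_callback` must name the capability that matches the sensitivity of the action, not merely "some logged-in user": `edit_posts` answers "can this user write a draft?", which says nothing about whether they may change who can read the whole site's restricted content.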


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers with Contributor-level or higher access to manipulate content access rules on your WordPress site.

Such attackers could potentially:

  • Expose restricted content that should only be available to certain users.
  • Deny legitimate users access to content by modifying or disabling access rules.
  • Create, duplicate, or delete content restriction rules, disrupting the intended content access controls.

Overall, this could lead to unauthorized data exposure or denial of service regarding content access on your site.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking whether the User Registration & Membership WordPress plugin, at any version from 5.0.1 through 5.1.4, is installed and active on your system.

You can also detect unauthorized access attempts by monitoring REST API calls to the plugin's content access rules endpoints under the namespace `user-registration/v1` and the base route `content-access-rules`.

Specifically, look for REST API requests to the following endpoints, which should require administrator-level permissions but in vulnerable versions only require the `edit_posts` capability:

  • GET /wp-json/user-registration/v1/content-access-rules
  • POST /wp-json/user-registration/v1/content-access-rules
  • GET /wp-json/user-registration/v1/content-access-rules/{id}
  • POST /wp-json/user-registration/v1/content-access-rules/{id}/toggle-status
  • POST /wp-json/user-registration/v1/content-access-rules/{id}
  • POST /wp-json/user-registration/v1/content-access-rules/{id}/duplicate
  • DELETE /wp-json/user-registration/v1/content-access-rules/{id}

To spot exploitation attempts, search web server logs for these routes. WordPress also serves REST routes through the `?rest_route=/user-registration/v1/content-access-rules` query form when pretty permalinks are disabled, so match on both spellings.

To confirm whether a site is vulnerable, make a request as a Contributor-level user. WordPress core authenticates REST calls either with the logged-in cookie plus an `X-WP-Nonce` header or, for scripts, with an Application Password (WordPress 5.6 and later) sent as HTTP Basic authentication; core does not accept a bare `Authorization: Bearer` token unless a separate plugin adds that scheme.

Example command to test access (replace example.com, the user name and the application password with your own):

  • curl -i -u 'contributor-user:xxxx xxxx xxxx xxxx xxxx xxxx' https://example.com/wp-json/user-registration/v1/content-access-rules

If a Contributor-level user receives HTTP 200 and a JSON list of rules, the system is vulnerable; a patched site answers with an HTTP 401 or 403 REST error. Use only the GET listing for testing, since the POST, toggle, duplicate and DELETE routes change live access rules. [1, 4]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the User Registration & Membership plugin to version 5.1.5 or later, where the permission check was corrected to require administrator-level capability (`manage_options`) instead of `edit_posts`.

This update restricts access to the REST API endpoints managing content access rules to only users with administrative privileges, preventing unauthorized modification.

If updating immediately is not possible, consider temporarily restricting access to the REST API endpoints related to content access rules by:

  • Blocking or limiting access to the `/wp-json/user-registration/v1/content-access-rules` routes (and the equivalent `?rest_route=/user-registration/v1/content-access-rules` form) via web server rules or a firewall.
  • Restricting those routes, rather than the whole REST API, to trusted administrator IP addresses; blocking the REST API site-wide breaks the block editor and other plugins that depend on it.
  • Reviewing and limiting user roles and capabilities to ensure no untrusted users have Contributor-level or higher access, bearing in mind that any custom role or plugin that grants `edit_posts` is enough to reach these endpoints.

Additionally, monitor logs for suspicious REST API activity targeting these endpoints and revoke or reset credentials if unauthorized access is suspected.
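The following must-use plugin is an added example for this page, not code from the plugin vendor, that covers both the monitoring suggested under detection above and the interim restriction suggested here. It assumes the route prefix listed above and that the fixed capability is `manage_options`, as stated above; the hook used is the core `rest_request_before_callbacks` filter, which runs after authentication and before any route callback, so returning a `WP_Error` from it stops the request. It logs every call to the content-access-rules routes and refuses those from users without that capability. Because it runs inside the REST dispatcher it applies equally to pretty-permalink and `?rest_route=` URLs, which a web server rule matching only `/wp-json/` would miss. Remove it once the plugin is updated to 5.1.5 or later.

```php
<?php
/**
 * Plugin Name: Interim guard for User Registration content-access-rules REST routes
 * Description: Added example for this page (not vendor code). Place in
 *              wp-content/mu-plugins/ until the plugin is updated, then remove.
 */

// Route prefix taken from the advisory; every affected endpoint starts with it.
const URM_CAR_ROUTE_PREFIX = '/user-registration/v1/content-access-rules';

// Capability the advisory names as the corrected requirement (assumed here).
const URM_CAR_REQUIRED_CAP = 'manage_options';

/**
 * Runs for every REST request after authentication, before the route callback.
 * Logs each hit on the guarded routes and blocks callers lacking the capability.
 *
 * @param mixed           $response Null unless an earlier filter set a response.
 * @param array           $handler  Resolved route handler (unused here).
 * @param WP_REST_Request $request  The incoming request.
 * @return mixed|WP_Error Original $response to continue, WP_Error to stop.
 */
function urm_car_guard( $response, $handler, $request ) {
	$route = $request->get_route();
	if ( strpos( $route, URM_CAR_ROUTE_PREFIX ) !== 0 ) {
		return $response; // not one of the guarded routes
	}

	$user    = wp_get_current_user(); // ID 0 and empty login when anonymous
	$allowed = current_user_can( URM_CAR_REQUIRED_CAP );

	// One structured line per attempt in the PHP/web server error log; ship it
	// to your SIEM and alert on decision=deny, which indicates a probe or exploit.
	error_log( sprintf(
		'urm-car-rest method=%s route=%s user_id=%d user_login=%s ip=%s decision=%s',
		$request->get_method(),
		$route,
		$user->ID,
		$user->user_login !== '' ? $user->user_login : '-',
		isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-',
		$allowed ? 'allow' : 'deny'
	) );

	if ( ! $allowed ) {
		// Short-circuits dispatch: the plugin's own permission_callback and
		// route callback never run for this request.
		return new WP_Error(
			'rest_forbidden',
			'Administrator capability is required to manage content access rules.',
			array( 'status' => rest_authorization_required_code() )
		);
	}

	return $response;
}
add_filter( 'rest_request_before_callbacks', 'urm_car_guard', 10, 3 );
```

Note that the guard is deliberately keyed on the route prefix rather than on the HTTP method, so all seven endpoints listed above (including the `{id}/toggle-status` and `{id}/duplicate` sub-routes) are covered without enumerating them, and the allow/deny log line gives you a retrospective record of which accounts touched these routes while the vulnerable version was installed.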

