CVE-2026-11965

Unauthenticated Subscription Activation in User Registration & Membership WordPress Plugin

Vulnerability report for CVE-2026-11965, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: WPScan

Description

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users (after self-registering an account through the open registration flow) to obtain an active subscription on any paid plan without paying and access the gated content.
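The flaw described above is a business-logic defect: the subscription state transition to "active" is not tied to a server-verified payment. The following PHP sketch is an added illustration and is not code from the User Registration & Membership plugin; the plan catalogue, the `$confirmedPayments` store, the order id and all function names are constructed for the example. It contrasts an activation routine that trusts the registration flow with one that only activates a paid plan against a payment record the server itself has confirmed.

```php
<?php
// Added illustration (hypothetical; not the plugin's code). Models the flaw class
// in CVE-2026-11965: activating a paid membership without checking that payment
// for it was actually completed.

const PLAN_FREE = 'free';
const PLAN_PRO  = 'pro';

// Constructed sample plan catalogue; prices in cents, 0 means free.
const PLANS = [PLAN_FREE => 0, PLAN_PRO => 1000];

// Constructed stand-in for the server-side payment store. In a real integration
// this is written only by a verified gateway callback (signed webhook/IPN) or a
// server-to-server status lookup, never from form fields the client submits.
$confirmedPayments = [
    'order_42' => ['user_id' => 7, 'plan' => PLAN_PRO, 'amount' => 1000, 'status' => 'paid'],
];

// Vulnerable pattern: the plan named during registration is activated as soon as
// the account exists, with no reference to any payment record.
function activateSubscriptionVulnerable(array $user, string $plan): array
{
    $user['subscription'] = ['plan' => $plan, 'status' => 'active'];
    return $user;
}

// Hardened pattern: a paid plan becomes active only if a server-side payment
// record exists, is marked paid, belongs to this user, and covers this plan.
function activateSubscriptionHardened(array $user, string $plan, ?string $orderId, array $confirmedPayments): array
{
    if (!array_key_exists($plan, PLANS)) {
        throw new InvalidArgumentException('unknown plan');
    }
    $due = PLANS[$plan];
    if ($due === 0) {
        // Free plans need no payment check.
        $user['subscription'] = ['plan' => $plan, 'status' => 'active'];
        return $user;
    }
    $payment = $orderId !== null ? ($confirmedPayments[$orderId] ?? null) : null;
    $paid = $payment !== null
        && $payment['status'] === 'paid'
        && $payment['user_id'] === $user['id']   // order cannot be borrowed from another account
        && $payment['plan'] === $plan
        && $payment['amount'] >= $due;
    // Anything not verified stays pending; gated content checks for 'active' only.
    $user['subscription'] = ['plan' => $plan, 'status' => $paid ? 'active' : 'pending_payment'];
    return $user;
}

function canAccessGatedContent(array $user): bool
{
    $sub = $user['subscription'] ?? [];
    return ($sub['status'] ?? '') === 'active' && ($sub['plan'] ?? PLAN_FREE) !== PLAN_FREE;
}

// Demonstration with a freshly self-registered account (constructed).
$newUser = ['id' => 7, 'subscription' => null];

$v = activateSubscriptionVulnerable($newUser, PLAN_PRO);
var_dump(canAccessGatedContent($v));   // bool(true): paid content reachable, nothing paid

$h1 = activateSubscriptionHardened($newUser, PLAN_PRO, null, $confirmedPayments);
var_dump(canAccessGatedContent($h1));  // bool(false): no payment record, stays pending

$h2 = activateSubscriptionHardened($newUser, PLAN_PRO, 'order_42', $confirmedPayments);
var_dump(canAccessGatedContent($h2));  // bool(true): confirmed payment for this user and plan
```

The point of the hardened version is that the activation decision reads only data the server wrote after confirming payment; nonces or form parameters from the checkout flow prove that a request came from the site's own form, not that money changed hands. A production version would also mark the order as consumed so one confirmed payment cannot activate more than one subscription.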


Meta Information

Generated: 2026-07-02
EPSS evaluated: N/A

Affected Vendors & Products

One associated CPE:

Vendor: wpengine
Product: user_registration_and_membership
Version range: up to 5.2.0 (exclusive), i.e. all versions before 5.2.0

Exploitability

CWE ID: CWE-UNKNOWN (no CWE mapped on this record)

AI Quick Actions (instant insights powered by AI)
Executive Summary

The vulnerability CVE-2026-11965 affects the WordPress plugin "User Registration & Membership" versions prior to 5.2.0. It allows unauthenticated users to bypass payment for paid membership subscriptions by exploiting a flaw in the plugin's registration and membership activation process.

An attacker can create an account through the open self-registration flow, then manipulate the system to activate a paid membership without completing payment. This is done by exploiting nonces and session-bound tokens to plant an active subscription for any paid plan, granting access to gated content.

This vulnerability is classified as an authentication bypass (CWE-287) with a medium severity CVSS score of 6.5.

Impact Analysis

This vulnerability allows unauthenticated users to obtain active paid membership subscriptions without paying. As a result, unauthorized users can access gated or premium content that should be restricted to paying members only.

This can lead to revenue loss for website owners who rely on paid memberships, as well as potential exposure of exclusive content to unauthorized users.

Mitigation Strategies

To mitigate this vulnerability, immediately update the User Registration & Membership WordPress plugin to version 5.2.0 or later, where the issue has been fixed.

Additionally, consider temporarily disabling open self-registration if possible, to prevent unauthenticated users from creating accounts and exploiting the payment bypass.
