WordPress Plugin Vulnerabilities
User Registration & Membership < 5.2.3 - Unauthenticated Privilege Escalation via Unbound members_data Membership ID
Description
The plugin does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user role, allowing unauthenticated users to register into an arbitrary published membership tier and obtain its role — up to administrator when such a tier exists.
Proof of Concept
Affects Plugins
References
CVE
Classification
Type
PRIVESC
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Khaled Alenazi (Nxploited)
Submitter
Khaled Alenazi (Nxploited)
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2026-06-26 (about 21 days ago)
Added
2026-06-26 (about 20 days ago)
Last Updated
2026-07-16 (about 9 hours ago)