WordPress Plugin Vulnerabilities

User Registration & Membership < 5.2.3 - Unauthenticated Privilege Escalation via Unbound members_data Membership ID

Description

The plugin does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user role, allowing unauthenticated users to register into an arbitrary published membership tier and obtain its role — up to administrator when such a tier exists.

Proof of Concept

Affects Plugins

Fixed in 5.2.3

References

Classification

Miscellaneous

Original Researcher
Khaled Alenazi (Nxploited)
Submitter
Khaled Alenazi (Nxploited)
Submitter website
Verified
Yes

Timeline

Publicly Published
2026-06-26 (about 21 days ago)
Added
2026-06-26 (about 20 days ago)
Last Updated
2026-07-16 (about 9 hours ago)

Other