CVE-2026-1492 – Techno Chat

Critical Flaw in User Registration Membership Plugin (CVE-2026-1492) Lets Attackers Bypass WordPress Authentication

April 13, 2026 Saugata Datta Cybersecurity, Hacking and Exploits, Self Hosted, Web Development Leave a comment

A newly disclosed vulnerability in a popular WordPress plugin can allow attackers to log in as administrators without a username or password. Tracked as CVE-2026-1492 and carrying a CVSS v4.0 score of 9.8, the flaw affects all versions of the User Registration Membership plugin up through 5.1.2. The issue was documented in early March 2026 by CYFIRMA researchers and represents

Continue

Admin Account Backdoor: Critical Privilege-Flaw in WordPress User Registration Plugin (CVE-2026-1492)

March 6, 2026 Saugata Datta Cybersecurity, Hacking and Exploits, Microsoft, Self Hosted, Web Development Leave a comment

A critical security flaw in a widely used WordPress membership plugin has made it trivially simple for unauthenticated attackers to create administrator accounts and seize control of affected sites. The vulnerability, tracked as CVE-2026-1492, exposes a systemic weakness in how the plugin handled role assignment during user registration. This post summarizes what happened, who discovered it, the immediate risks, and

Continue

Admin Tools