A recent analysis of publicly accessible WordPress installations has revealed a startling reality: a large majority of sites are running PHP versions that are no longer supported, creating a widespread and avoidable security risk. While WordPress itself issues regular updates, the underlying server-side language many sites rely on—PHP—has lagged behind in adoption. The result is an ecosystem where millions of
Tag: WordPress
Critical Flaw in User Registration Membership Plugin (CVE-2026-1492) Lets Attackers Bypass WordPress Authentication
A newly disclosed vulnerability in a popular WordPress plugin can allow attackers to log in as administrators without a username or password. Tracked as CVE-2026-1492 and carrying a CVSS v4.0 score of 9.8, the flaw affects all versions of the User Registration Membership plugin up through 5.1.2. The issue was documented in early March 2026 by CYFIRMA researchers and represents
Admin Account Backdoor: Critical Privilege-Flaw in WordPress User Registration Plugin (CVE-2026-1492)
A critical security flaw in a widely used WordPress membership plugin has made it trivially simple for unauthenticated attackers to create administrator accounts and seize control of affected sites. The vulnerability, tracked as CVE-2026-1492, exposes a systemic weakness in how the plugin handled role assignment during user registration. This post summarizes what happened, who discovered it, the immediate risks, and


