Critical WordPress plugin flaw lets attackers create admin accounts on vulnerable sites

A critical flaw in the User Registration & Membership plugin for WordPress can let unauthenticated attackers gain administrator-level access on affected sites. The bug, tracked as CVE-2026-1492, affects plugin versions through 5.1.2 and was fixed in version 5.1.3. This matters because the plugin handles user registration and membership workflows, which often sit directly on public-facing […] The post Critical WordPress plugin flaw lets attackers create admin accounts on vulnerable sites appeared first on VPN Central.