What the vulnerability does
01 Description
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() function, due to missing validation on the user-controlled 'membership_id' key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type.
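To make the two missing controls named above concrete (no authentication requirement, and no validation of the user-controlled 'membership_id' key), the following is a hardened membership-update handler written in the style of a WordPress AJAX action. It is an added illustration for this page, not code from the User Registration & Membership plugin: the action name, the 'ur_membership' post type and the 'ur_membership_id' user-meta key are assumptions. It goes slightly beyond the description by also binding the write to the current session's user and adding a nonce check, which are the standard companions to the two missing checks.

```php
<?php
// Hypothetical hardened handler, added as an illustration; not the plugin's own code.
// Assumptions: memberships are stored as a custom post type 'ur_membership', and a
// member's current membership id is kept in the user meta key 'ur_membership_id'.

// Registered only on the authenticated hook. There is deliberately no
// 'wp_ajax_nopriv_' registration, so anonymous visitors cannot reach the action.
add_action( 'wp_ajax_example_register_member', 'example_register_member' );

function example_register_member() {
    // 1. Require an authenticated user. Skipping this check is what lets an
    //    unauthenticated caller drive the write.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }

    // 2. CSRF protection: the nonce must have been issued for this action to this user.
    check_ajax_referer( 'example_register_member', 'nonce' );

    // 3. Never take the target user from the request. A member may only change
    //    their own membership, so the user id comes from the session, not a parameter.
    $user_id = get_current_user_id();

    // 4. Validate the user-controlled 'membership_id' key: coerce it to a positive
    //    integer, confirm it names an existing membership object of the expected
    //    type, and confirm that membership is published (active).
    $membership_id = isset( $_POST['membership_id'] )
        ? absint( wp_unslash( $_POST['membership_id'] ) )
        : 0;
    if ( 0 === $membership_id ) {
        wp_send_json_error( array( 'message' => 'Invalid membership_id.' ), 400 );
    }

    $membership = get_post( $membership_id );
    if ( ! $membership
        || 'ur_membership' !== $membership->post_type
        || 'publish' !== $membership->post_status ) {
        wp_send_json_error( array( 'message' => 'Unknown or inactive membership.' ), 400 );
    }

    // 5. Only after every check passes is the write performed, scoped to the
    //    authenticated user and the validated membership object.
    update_user_meta( $user_id, 'ur_membership_id', $membership_id );

    wp_send_json_success( array( 'membership_id' => $membership_id ) );
}
```

When reviewing a plugin for this class of bug, the items to look for are exactly the numbered checks above: whether the handler is reachable through a `wp_ajax_nopriv_` or unauthenticated REST route, whether the target user is derived from the session or from request data, and whether an object id taken from the request is verified to exist and to be in a state the caller is allowed to select.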
Explanation of Vulnerability in Simple Terms
02 Summary
A vulnerability in User Registration & Membership allows attackers to modify data without authentication. The plugin fails to properly validate or restrict write operations, enabling unauthorized changes to site content or user information. All versions up to 4.1.3 are affected. Site administrators should update immediately when a patch becomes available.
What an attacker can do
03 Attacker Capabilities
Modify site data or user information without logging in.
Potential impact on your site
04 Site Impact
Attackers can alter user profiles, registration data, or membership settings without permission.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
April 12, 2025: CVE published
April 8, 2026: Record updated