CVE-2026-2356
📋 TL;DR
This vulnerability allows unauthenticated attackers to delete arbitrary recently created user accounts on WordPress sites running the affected plugin. The root cause is missing validation of the 'member_id' parameter, which lets an attacker choose which users to delete as long as they still carry the 'urm_user_just_created' meta flag. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Mass deletion of newly registered user accounts, disrupting user onboarding and potentially causing data loss for users who haven't completed profile setup.
Likely Case
Targeted deletion of specific newly registered accounts, potentially affecting legitimate users during registration processes.
If Mitigated
No impact if plugin is patched or workarounds are implemented to validate user permissions.
🎯 Exploit Status
Exploitation requires identifying newly registered users with the specific meta flag, but the vulnerability itself is straightforward to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.1.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/user-registration/tags/5.1.3
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'User Registration & Membership' plugin.
4. Click 'Update Now' if available, or manually update to version 5.1.3+.
5. Verify the plugin is active and functioning.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until the patched version can be installed
wp plugin deactivate user-registration
Web Application Firewall Rule
Block requests to /wp-admin/admin-ajax.php whose 'action' parameter is 'register_member' (the vulnerable function)
🧯 If You Can't Patch
- Implement rate limiting on user registration endpoints
- Monitor user deletion logs and set up alerts for suspicious patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for 'User Registration & Membership' plugin version 5.1.2 or lower
Check Version:
wp plugin get user-registration --field=version
Verify Fix Applied:
Confirm plugin version is 5.1.3 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Multiple DELETE requests to user registration endpoints
- Unusual patterns of user account deletions shortly after creation
Network Indicators:
- HTTP requests to /wp-admin/admin-ajax.php with action=register_member and manipulated member_id parameter
SIEM Query:
source="wordpress_logs" action="delete_user" user_meta="urm_user_just_created"
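The network indicator above (admin-ajax.php requests carrying action=register_member together with a member_id parameter) can be checked offline against web server access logs. The following Python script is an added example written for this page; it is not part of the advisory, the plugin, or any vendor tooling. It parses combined-format access log lines, keeps only requests that match the indicator, and raises an alert when one source IP sends three or more such requests within 60 seconds. The log lines are constructed sample data; the script assumes the parameters appear in the query string (POST bodies are not written to standard access logs, so body-carried parameters would need WAF or application-level logging instead), and the window and threshold values are illustrative choices, not figures from the advisory.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format). Not real traffic:
# three rapid requests from one IP with varying member_id values, one normal
# registration request without member_id, and an unrelated heartbeat call.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:09:14:01 +0000] "POST /wp-admin/admin-ajax.php?action=register_member&member_id=1042 HTTP/1.1" 200 17 "-" "curl/8.4.0"
203.0.113.7 - - [10/Mar/2026:09:14:02 +0000] "POST /wp-admin/admin-ajax.php?action=register_member&member_id=1043 HTTP/1.1" 200 17 "-" "curl/8.4.0"
203.0.113.7 - - [10/Mar/2026:09:14:03 +0000] "POST /wp-admin/admin-ajax.php?action=register_member&member_id=1044 HTTP/1.1" 200 17 "-" "curl/8.4.0"
198.51.100.20 - - [10/Mar/2026:09:20:45 +0000] "POST /wp-admin/admin-ajax.php?action=register_member HTTP/1.1" 200 210 "https://example.test/register/" "Mozilla/5.0"
198.51.100.21 - - [10/Mar/2026:09:21:10 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("path"))
    params = parse_qs(url.query)
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": url.path,
        "action": params.get("action", [None])[0],
        "member_id": params.get("member_id", [None])[0],
        "status": int(m.group("status")),
    }


def is_indicator(ev):
    """True when the request matches the advisory's network indicator:
    admin-ajax.php, action=register_member, and a member_id parameter supplied."""
    return (
        ev["path"].endswith("/wp-admin/admin-ajax.php")
        and ev["action"] == "register_member"
        and ev["member_id"] is not None
    )


def analyse(log_text, window_seconds=60, threshold=3):
    """Return (matching_events, alerts). An alert is raised for each source IP
    that sends at least `threshold` indicator requests within `window_seconds`."""
    matches = [ev for ev in map(parse_line, log_text.splitlines())
               if ev and is_indicator(ev)]
    by_ip = defaultdict(list)
    for ev in matches:
        by_ip[ev["ip"]].append(ev)

    alerts = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        # Sliding window over this IP's events; alert once per IP.
        for end in range(len(events)):
            while (events[end]["ts"] - events[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "ip": ip,
                    "count": end - start + 1,
                    "member_ids": [e["member_id"] for e in events[start:end + 1]],
                })
                break
    return matches, alerts


if __name__ == "__main__":
    matched, found = analyse(SAMPLE_LOG)
    print(f"{len(matched)} request(s) matched the indicator")
    for alert in found:
        print(f"ALERT {alert['ip']}: {alert['count']} register_member requests "
              f"with member_id values {alert['member_ids']}")
```

A single matching request is only an indicator, not proof of exploitation, because the plugin's own front end may legitimately call this action; the burst condition is what separates an enumeration-style deletion run from normal registrations. Correlate any alert with the WordPress-side deletion log from the SIEM query above before acting on it.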