Home / Vulnerability Intelligence / CVE-2026-1779

CVE-2026-1779 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: February 27, 2026

User Registration & Membership WordPress plugin - Authentication Bypass

Published: February 26, 2026Updated: February 27, 2026Remote Exploitable

Overview

User Registration & Membership WordPress plugin <= 5.1.2 contains an authentication bypass caused by incorrect authentication in the 'register_member' function, letting unauthenticated attackers log in newly registered users with specific user meta set.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 11.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can log in as newly registered users, potentially gaining unauthorized access.

Mitigation

Update to the latest version beyond 5.1.2.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 26, 2026

🟠 CVE-2026-1779 - High (8.1) The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthent... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1779/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-1779
Severity: High
CVSS Score: 8.1
Type: broken_authentication
Status: unconfirmed
EPSS: 11.0%
Social Posts: 1

CWE

CWE-288

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

11.0%Probability of exploitation in the next 30 days