{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2356", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-11T16:54:51.661Z", "datePublished": "2026-02-26T02:23:55.847Z", "dateUpdated": "2026-02-26T14:41:55.080Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-02-26T02:23:55.847Z"}, "affected": [{"vendor": "wpeverest", "product": "User Registration & Membership \u2013 Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "5.1.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register_member' function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that newly registered on the site who has the 'urm_user_just_created' user meta set."}], "title": "User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a1ccb2-4f78-4855-a01d-b15f73407822?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/5.1.1/modules/membership/includes/AJAX.php#L142"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ph\u00fa"}], "timeline": [{"time": "2026-02-11T17:11:10.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-25T13:29:35.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T14:41:43.910634Z", "id": "CVE-2026-2356", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:41:55.080Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2356", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T14:41:43.910634Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:41:49.306Z"}}], "cna": {"title": "User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Ph\u00fa"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "wpeverest", "product": "User Registration & Membership \u2013 Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "5.1.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-11T17:11:10.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-25T13:29:35.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a1ccb2-4f78-4855-a01d-b15f73407822?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/5.1.1/modules/membership/includes/AJAX.php#L142"}], "descriptions": [{"lang": "en", "value": "The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register_member' function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that newly registered on the site who has the 'urm_user_just_created' user meta set."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-02-26T02:23:55.847Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2356", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:41:55.080Z", "dateReserved": "2026-02-11T16:54:51.661Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-26T02:23:55.847Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register_member' function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that newly registered on the site who has the 'urm_user_just_created' user meta set."}, {"lang": "es", "value": "El plugin User Registration &amp; Membership \u2013 Custom Registration Form, Login Form, and User Profile para WordPress es vulnerable a Referencia Directa Insegura a Objeto en todas las versiones hasta la 5.1.2, inclusive, a trav\u00e9s de la funci\u00f3n 'register_member', debido a la falta de validaci\u00f3n en la clave 'member_id' controlada por el usuario. Esto hace posible que atacantes no autenticados eliminen cuentas de usuario arbitrarias que se registraron recientemente en el sitio y que tienen configurado el metadato de usuario 'urm_user_just_created'."}], "id": "CVE-2026-2356", "lastModified": "2026-02-27T14:06:59.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-02-26T03:16:05.293", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/5.1.1/modules/membership/includes/AJAX.php#L142"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a1ccb2-4f78-4855-a01d-b15f73407822?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}