CVE-2026-6145 — The User Registration & Membership plugin for WordPress is
CVE-2026-6145 — The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process() method relying solely on the presence of action=createuser in the $_REQUEST superglobal without p
What This Means For You
- If your environment is affected by CWE-862, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-6145 updates and patches.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6145 | vulnerability | CVE-2026-6145 |
| CWE-862 | weakness | CWE-862 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 14, 2026 at 12:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-2347: Critical Authorization Bypass in Akilli E-Commerce Website
CVE-2026-2347 — Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website:...
CVE-2025-11024: Akilli E-Commerce Blind SQLi Critical Vulnerability
CVE-2025-11024 — Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows...
WordPress InfusedWoo Pro Plugin Vulnerable to Arbitrary File Read (CVE-2026-6514)
CVE-2026-6514 — The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit....