What is CVE-2026-4056 — Data Modification in WordPress User Registration?

CVE-2026-4056 is a medium-severity vulnerability in the WordPress User Registration & Membership plugin (versions 5.0.1–5.1.4) allowing authenticated users with Contributor access to modify content restriction rules.

Am I affected by CVE-2026-4056 in WordPress User Registration?

You are affected if you are using WordPress User Registration & Membership plugin versions 5.0.1 through 5.1.4. Upgrade to 5.1.5 or later to mitigate the risk.

How do I fix CVE-2026-4056 in WordPress User Registration?

Upgrade the User Registration & Membership plugin to version 5.1.5 or later. As a temporary workaround, restrict access to the Content Access Rules REST API endpoints to administrators only.

Is CVE-2026-4056 being actively exploited?

Currently, there are no known public exploits or confirmed active exploitation campaigns for CVE-2026-4056, but the ease of exploitation warrants vigilance.

Where can I find the official WordPress advisory for CVE-2026-4056?

Refer to the WordPress security advisory for CVE-2026-4056 on the WordPress.org website for the latest information and updates.

CVE-2026-4056 — Vulnerability Details

NEXTGUARD

Scanner gratuitement

CVE-2026-4056 — Vulnerability Details | NextGuard

Étapes de Détectiontraduction en cours…

• wordpress / plugin:

wp plugin list | grep 'User Registration & Membership'

• wordpress / plugin: Check plugin version. If < 5.1.5, the system is vulnerable.

wp plugin version user-registration-and-membership

• wordpress / plugin: Examine WordPress access logs for requests to /wp-json/user-registration/v1/rules originating from users with Contributor or lower roles. • wordpress / plugin: Review WordPress user roles and capabilities to ensure only administrators have access to manage content restriction rules.

User Registration & Membership <= 5.1.4 - Manipulation de la règle d'accès au contenu authentifié (Contributeur+) en raison d'une autorisation manquante

Impact et Scénarios d'Attaque

Contexte d'Exploitation

Qui Est à Risquetraduction en cours…

Étapes de Détectiontraduction en cours…

Chronologie de l'Attaque

Renseignement sur les Menaces

Logiciel Affecté

Classification de Faiblesse (CWE)

Chronologie

Mitigation et Contournements

Comment corriger

Newsletter Sécurité CVE

Questions fréquentestraduction en cours…

What is CVE-2026-4056 — Data Modification in WordPress User Registration?

Am I affected by CVE-2026-4056 in WordPress User Registration?

How do I fix CVE-2026-4056 in WordPress User Registration?

Is CVE-2026-4056 being actively exploited?

Where can I find the official WordPress advisory for CVE-2026-4056?

Informations sur le paquet

Ton projet est-il affecté ?

Détecte cette CVE dans ton projet