<= 5.2.2 – Broken Access Control vulnerability
-
Hi, I have 2 sites with the plugin on. Both at the latest version. My update software is telling me there is a vulnerability.
Is there a patch due?
-
Hello @charactercreates,
Thank you for reaching out. We take security matters very seriously and appreciate you bringing this to our attention.
To help us investigate this further and provide you with an accurate answer, could you please share a few more details:
- Which update or security software is reporting this vulnerability (for example, Wordfence, Patchstack, WPScan, Sucuri, or another tool)?
- The exact vulnerability name or CVE ID that is being flagged, if available.
- A screenshot of the vulnerability warning from your security tool, if possible.
This information will help us identify the exact issue being reported and confirm whether it has already been patched in the current version or if an additional fix is needed.
We will get back to you with a clear update as soon as we have these details.
Best regards
Hi, it is ManageWP, there isn’t any ID and this is the exact title – WordPress User Registration Plugin <= 5.2.2 is vulnerable to Broken Access Control. I’m unable to upload a screenshot from this box.
Thanks.
@charactercreates as a fellow ManageWP user, there is a learn more link, which you can press.
@sholly2 shares the link to the security vulnerability anyway.Hello everyone,
Thank you all for reaching out and for your vigilance in keeping your websites secure. We truly appreciate it!
Regarding the Broken Access Control vulnerability reported for versions 5.2.2 and below, our development team has already prepared a fix and the patched update is scheduled to be released today.
Once the update is live, you can apply it directly from your WordPress Dashboard > Updates. We strongly recommend updating at your earliest convenience to ensure your site remains fully secure.
Thank you for your patience and your continued trust in our plugin!
Best regards!
Hi @charactercreates, @sholly2, and @rhyswynne,
We have released an update addressing the security issue. Please update the plugin on your site at your earliest convenience to ensure your site remains secure.
Please feel free to reach out if you need any further assistance. We are happy to help!
Best regards!
Hi, the plugin update isn’t yet available on my install for update?
Hi @charactercreates ,
It may be related to this – https://wordpress.org/news/2026/06/pts/ – updates are given a 24 hour or so grace period between uploading and being pushed out now. It’s a recent change but looking at the plugin the update is present there.You can update manually, or wait a few more hours. It shouldn’t make a huge difference 🙂
We are pleased to confirm that the mentioned security issue has been resolved. This has also been verified and confirmed by Patchstack. For your reference, please check the following link: https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-plugin-5-1-5-broken-access-control-vulnerability
Thank you to everyone who raised their concerns and helped make the User Registration & Membership plugin even better. Your vigilance truly means a lot to us!
We will mark this topic as resolved. If you need any further assistance, please do not hesitate to create a new topic and we will be happy to help!
You must be logged in to reply to this topic.