
CVE-2026-1779: CWE-288 Authentication Bypass Using an Alternate Path or Channel in wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

Severity: High
Tags: Vulnerability, CVE-2026-1779, CWE-288
Published: Thu Feb 26 2026 (02/26/2026, 02:23:56 UTC)
Source: CVE Database V5
Vendor/Project: wpeverest
Product: User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

Description

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set.

AI-Powered Analysis

Last updated: 02/26/2026, 14:55:49 UTC

Technical Analysis

CVE-2026-1779 is an authentication bypass vulnerability classified under CWE-288, found in the wpeverest User Registration & Membership plugin for WordPress, affecting all versions up to and including 5.1.2. The vulnerability arises from improper authentication checks within the 'register_member' function. Specifically, when a new user is registered, the plugin sets a user meta flag 'urm_user_just_created'. Due to flawed logic, an unauthenticated attacker can exploit this condition to log in as that newly created user without providing valid credentials or undergoing normal authentication procedures. This bypasses standard security controls, granting unauthorized access to user accounts. The vulnerability is remotely exploitable over the network without any privileges or user interaction, as indicated by the CVSS vector (AV:N/AC:H/PR:N/UI:N). The high attack complexity (AC:H) suggests some conditions must be met, but no authentication or user interaction is required. The impact is severe, affecting confidentiality, integrity, and availability, as attackers can assume user identities and potentially escalate privileges or disrupt services. Although no public exploits are currently known, the vulnerability's presence in a widely used WordPress plugin makes it a significant threat. No official patches have been linked yet, so mitigation requires careful monitoring and possibly temporary workarounds.

Potential Impact

The vulnerability allows unauthenticated attackers to bypass authentication and log in as newly registered users, potentially enabling unauthorized access to sensitive data and administrative functions depending on the privileges of the created user accounts. This can lead to data breaches, unauthorized content modification, and disruption of website availability. Organizations relying on this plugin for membership management, subscriptions, or content restriction face risks of account takeover and privilege escalation. The compromise of user accounts can also facilitate further attacks such as phishing, malware distribution, or lateral movement within the network. Given WordPress's widespread use, the vulnerability could affect a large number of websites globally, especially those that have not updated the plugin or implemented compensating controls. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits rapidly once the vulnerability is public. The high CVSS score reflects the critical nature of the impact on confidentiality, integrity, and availability.

Mitigation Recommendations

1. Immediately update the wpeverest User Registration & Membership plugin to a patched version once available from the vendor.
2. Until a patch is released, disable the plugin or restrict access to the registration functionality to trusted IP addresses or authenticated users only.
3. Implement Web Application Firewall (WAF) rules to detect and block suspicious requests targeting the 'register_member' function or attempts to exploit the 'urm_user_just_created' user meta.
4. Monitor server and application logs for unusual login activity, especially logins of newly created users without corresponding registration events.
5. Enforce strong user registration policies, such as CAPTCHA challenges and email verification, to reduce automated or malicious registrations.
6. Conduct regular security audits and vulnerability scans on WordPress sites to detect outdated plugins and configuration weaknesses.
7. Educate site administrators about the risks and signs of exploitation related to this vulnerability.
8. Consider isolating critical WordPress instances or using containerization to limit the blast radius of potential compromises.
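One way to implement the log-monitoring step above, as an added example written for this page and not code from the plugin or its vendor: a WordPress must-use plugin that hooks every successful login and emits a structured log line whenever the account still carries the 'urm_user_just_created' user meta, so those logins can be correlated with registration events. It assumes the plugin stores a non-empty value under that meta key while the flag is active and that the PHP error log is shipped to your log pipeline.

```php
<?php
/**
 * Plugin Name: URM just-created login monitor (added example, not vendor code)
 * Description: Logs logins of accounts that still carry the 'urm_user_just_created'
 *              user meta so they can be correlated with registration events.
 * Install: drop this file into wp-content/mu-plugins/ so it loads unconditionally.
 */

// wp_login fires after any successful authentication, regardless of which code path
// performed it, which is exactly what we want to observe for this weakness.
add_action( 'wp_login', 'urm_monitor_flagged_login', 10, 2 );

function urm_monitor_flagged_login( $user_login, $user ) {
    // Assumption: the flag is a non-empty meta value while it is active.
    $flag = get_user_meta( $user->ID, 'urm_user_just_created', true );
    if ( empty( $flag ) ) {
        return;
    }

    // user_registered is stored in UTC; account age helps spot logins that
    // happen seconds after creation from a different client.
    $age_seconds = time() - strtotime( $user->user_registered . ' UTC' );
    $ip  = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';

    // One structured line per event, easy to parse with a SIEM rule.
    error_log( sprintf(
        'URM_FLAGGED_LOGIN user_id=%d login=%s roles=%s account_age_s=%d ip=%s uri=%s',
        $user->ID,
        $user_login,
        implode( '|', (array) $user->roles ),
        $age_seconds,
        $ip,
        $uri
    ) );
}
```

Alert on any URM_FLAGGED_LOGIN line whose roles field contains a privileged role, or whose ip differs from the address that submitted the matching registration request.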


Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2026-02-02T18:22:15.860Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69a05b9eb7ef31ef0b68a5fa

Added to database: 2/26/2026, 2:41:34 PM

Last enriched: 2/26/2026, 2:55:49 PM

Last updated: 2/26/2026, 11:13:55 PM


