CVE-2026-1321 | Membership Plugin up to 3.2.18/3.2.20 on WordPress POST Parameter rcp_setup_registration_init rcp_level Remote Code Execution

Inserito da Angelo Barbosa | Mar 5, 2026 | CVE

A vulnerability marked as critical has been reported in Membership Plugin up to 3.2.18/3.2.20 on WordPress. Affected by this issue is the function rcp_setup_registration_init of the component POST Parameter Handler. This manipulation of the argument rcp_level causes Remote Code Execution.

This vulnerability is tracked as CVE-2026-1321. The attack is possible to be carried out remotely. No exploit exists.

CVE-2026-1321 | Membership Plugin up to 3.2.18/3.2.20 on WordPress POST Parameter rcp_setup_registration_init rcp_level Remote Code Execution

Post correlati

CVE-2024-47184 | Ampache up to 6.5.x Democratic Playlist Name cross site scripting (GHSA-f99r-gv34-v46f)

CVE-2024-29200 | Kimai up to 2.12.x API insufficient granularity of access control

CVE-2023-39257 | Dell Rugged Control Center up to 4.6 Installation Repair access control (dsa-2023-340)

CVE-2017-20193 | WooCommerce Product Vendors Plugin up to 2.0.35 on WordPress vendor_description cross site scripting