A vulnerability identified as critical has been detected in WPScan User Registration & Membership Plugin up to 5.2.1 on WordPress. The affected element is an unknown function of the component Membership Upgrade. This manipulation of the argument Identifier causes authorization bypass.
This vulnerability is handled as CVE-2026-11963. The attack can be initiated remotely. There is not any exploit available.