WordPress membership plugin bug exploited to create admin accounts
Summary: The WordPress plugin User Registration & Membership has a critical vulnerability (CVE-2026-1492) that lets attackers create administrator accounts and take full control of a site. It affects all versions through 5.1.2 and is fixed in 5.1.3 and later. Users are advised to update or disable the plugin. 2026-3-5 18:47:27 Author: www.bleepingcomputer.com (view original)

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites.

Developed by WPEverest, the plugin provides membership and user registration management features, including custom forms, payment integrations with PayPal and Stripe, bank transfers, and analytics.

The security vulnerability is tracked as CVE-2026-1492 and received a critical severity rating of 9.8. Because the plugin accepts a user-supplied role during membership registration, hackers can create administrator accounts without authentication.
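The root cause described above, trusting a role supplied by the registration request, is shown here beside the hardened pattern in an added PHP example. This is illustrative code written for this page, not the plugin's source; the function names, the role allow-list and the request array are constructed, and the final step in a real WordPress integration would be passing the resolved role to wp_insert_user().

```php
<?php
// Added example (not the plugin's code): server-side role assignment for a
// self-service registration form, contrasted with the insecure pattern of
// honoring a role taken from the request body.

declare(strict_types=1);

// Roles a public registration form is ever allowed to grant. Privileged roles
// such as 'administrator' and 'editor' must never appear in this list.
const SELF_REGISTRATION_ROLES = ['subscriber', 'member'];
const DEFAULT_REGISTRATION_ROLE = 'subscriber';

/**
 * Insecure pattern (for contrast only): the role carried by the request is
 * used verbatim. An unauthenticated request that includes
 * role=administrator therefore produces an administrator account.
 */
function resolve_role_insecure(array $request): string
{
    return $request['role'] ?? DEFAULT_REGISTRATION_ROLE;
}

/**
 * Hardened pattern: the role comes from the server-side form configuration,
 * is checked against the allow-list, and the request body is never consulted.
 * A misconfigured form falls back to the least-privileged role rather than
 * being honored.
 */
function resolve_role_hardened(string $form_configured_role): string
{
    if (!in_array($form_configured_role, SELF_REGISTRATION_ROLES, true)) {
        return DEFAULT_REGISTRATION_ROLE;
    }
    return $form_configured_role;
}

/**
 * Response check: administrator accounts registered at or after $since that
 * are not on the site owner's list of known administrators. $users has the
 * shape of WordPress get_users(['role' => 'administrator']) reduced to the
 * two fields used here; $since is a placeholder for the last date the owner
 * reviewed the account list.
 */
function unexpected_admins(array $users, array $known_admin_logins, string $since): array
{
    $utc = new DateTimeZone('UTC');
    $cutoff = new DateTimeImmutable($since, $utc);
    $flagged = array_filter($users, function (array $u) use ($known_admin_logins, $cutoff, $utc): bool {
        if (in_array($u['user_login'], $known_admin_logins, true)) {
            return false;
        }
        return new DateTimeImmutable($u['user_registered'], $utc) >= $cutoff;
    });
    return array_values($flagged);
}

// --- Demonstration on constructed input ---------------------------------

// Constructed request body: a registration that smuggles in a role field.
$request = ['user_login' => 'newuser', 'user_email' => 'newuser@example.invalid', 'role' => 'administrator'];
printf("insecure resolution:   %s\n", resolve_role_insecure($request));
printf("hardened resolution:   %s\n", resolve_role_hardened('member'));
printf("misconfigured form:    %s\n", resolve_role_hardened('administrator'));

// Constructed administrator list for the audit step.
$admins = [
    ['user_login' => 'siteowner', 'user_registered' => '2024-02-01 09:00:00'],
    ['user_login' => 'newuser',   'user_registered' => '2026-03-04 22:13:41'],
];
foreach (unexpected_admins($admins, ['siteowner'], '2026-03-01 00:00:00') as $u) {
    printf("review: administrator '%s' registered %s\n", $u['user_login'], $u['user_registered']);
}
```

Run with `php example.php`. On a live site the same audit can be driven from WP-CLI with `wp user list --role=administrator --fields=ID,user_login,user_registered`; any administrator the owner does not recognize should be removed and the credentials and sessions of remaining accounts rotated, in addition to updating the plugin.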

An administrator account has full access to the website, and that access is required to install plugins and themes, edit PHP code, change security settings, modify site content, and lock out legitimate owners or admins.

An attacker with this level of access can steal data, such as the database of registered users, and embed malicious code to distribute malware to visitors.

Researchers at WordPress security company Defiant, the maker of the Wordfence security plugin, blocked more than 200 attempts to exploit CVE-2026-1492 in customer environments in the past 24 hours.

The vulnerability affects all versions of User Registration & Membership through 5.1.2. The developer released a fix in version 5.1.3 of the plugin. Website admins are advised to update to the latest version of the plugin, which is currently 5.1.4, released last week.

If updating is not possible, the recommendation is to temporarily disable or uninstall the plugin.

According to Wordfence data, CVE-2026-1492 is the most severe vulnerability in the User Registration & Membership plugin disclosed this year.

Hackers are constantly targeting WordPress sites for malicious activities that include distributing malware, phishing, hosting command-and-control servers, proxying malicious traffic, and storing stolen data.

In January 2026, hackers began exploiting a maximum-severity flaw (CVE-2026-23550) in the Modular DS WordPress plugin, allowing them to bypass authentication remotely and access vulnerable sites with admin-level privileges.

Source: https://www.bleepingcomputer.com/news/security/wordpress-membership-plugin-bug-exploited-to-create-admin-accounts/