A newly disclosed flaw, tracked as CVE-2026-1492, affects the User Registration & Membership plugin for WordPress, introducing a critical vulnerability that allows unauthenticated attackers to bypass authentication and gain full administrative control. This plugin, widely used to manage user registration, membership plans, and access control, operates deep within WordPress’s authentication systems making any compromise of […] The post Critical WordPress Plugin Bug Allows Authentication Bypass, Admin Takeover appeared first on Cyber Security News.