A vulnerability was found in wpeverest User Registration & Membership Plugin up to 5.1.4 on WordPress. It has been classified as critical . This affects the function embed_form_action of the component Shortcode Handler . The manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-3601 . The attack can be initiated remotely. There is not any exploit available.