A vulnerability described as critical has been identified in ARMember Premium Plugin up to 7.3.1 on WordPress. This impacts the function arm_reset_password_key of the component Password Reset Handler . The manipulation results in improper authentication. This vulnerability was named CVE-2026-5076 . The attack may be performed from remote. There is no available exploit.