A vulnerability was found in wpeverest User Registration & Membership Plugin up to 5.2.0 on WordPress. It has been declared as critical . The impacted element is the function confirm_payment of the component User Registration Handler . Executing a manipulation can lead to missing authorization. This vulnerability appears as CVE-2026-1869 . The attack may be performed from remote. There is no available exploit.