Open Redirect Vulnerability in User Registration & Membership Plugin for WordPress
CVE-2026-6203

6.1 MEDIUM

What is CVE-2026-6203?

The User Registration & Membership plugin for WordPress is vulnerable to open redirect because it does not adequately validate the user-supplied URL in the 'redirect_to_on_logout' GET parameter. In all versions up to and including 5.1.4, the parameter is passed directly to 'wp_redirect()' rather than the safer 'wp_safe_redirect()'. Although 'esc_url_raw()' is applied to sanitize malformed URLs, it does not restrict the destination host of the redirect. As a result, attackers can redirect users to arbitrary external sites after a logout, which facilitates phishing.
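As an added illustration (not the plugin's own code), the unsafe pattern the advisory describes, beside the hardened form; the function names, the 'sso.example.com' host and the 'Example Plugin' label are placeholders:

```php
<?php
// Illustrative only: not the plugin's source. Shows why esc_url_raw() +
// wp_redirect() allows off-site redirects, and how wp_safe_redirect() fixes it.

// Vulnerable pattern: esc_url_raw() only sanitizes the URL string (scheme,
// encoding, stray characters). It does not restrict the destination host, so
// wp_redirect() will send the browser to any site named in the parameter.
function example_logout_redirect_unsafe() {
    if ( empty( $_GET['redirect_to_on_logout'] ) ) {
        return;
    }
    $target = esc_url_raw( wp_unslash( $_GET['redirect_to_on_logout'] ) );
    wp_redirect( $target ); // external destinations pass through unchanged
    exit;
}

// Hardened pattern: wp_safe_redirect() runs the location through
// wp_validate_redirect(), which only accepts the site's own host plus any
// hosts allow-listed via the 'allowed_redirect_hosts' filter. A rejected
// location falls back to the 'wp_safe_redirect_fallback' value (admin_url()
// by default), so the user never leaves the site.
function example_logout_redirect_safe() {
    $fallback = home_url( '/' );
    if ( empty( $_GET['redirect_to_on_logout'] ) ) {
        wp_safe_redirect( $fallback );
        exit;
    }
    $target = esc_url_raw( wp_unslash( $_GET['redirect_to_on_logout'] ) );

    // Explicit validation with our own fallback makes the intent visible and
    // lets us log rejected destinations for detection purposes.
    $validated = wp_validate_redirect( $target, $fallback );
    if ( $validated !== $target ) {
        error_log( 'Rejected off-site logout redirect target' );
    }
    wp_safe_redirect( $validated, 302, 'Example Plugin' );
    exit;
}

// Optional: if a trusted external host (e.g. an SSO portal) must be allowed,
// add it explicitly instead of disabling the host check.
add_filter( 'allowed_redirect_hosts', function ( $hosts ) {
    $hosts[] = 'sso.example.com'; // hypothetical trusted host
    return $hosts;
} );
```

Note that wp_safe_redirect() returns false when headers were already sent, so always follow it with exit to stop further output.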

Affected Version(s)

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 0 <= 5.1.4

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anthony Cihan