CVE-2026-1321 | Membership Plugin up to 3.2.18/3.2.20 on WordPress POST Parameter rcp_setup_registration_init rcp_level Remote Code Execution

A vulnerability marked as critical has been reported in Membership Plugin up to 3.2.18/3.2.20 on WordPress. Affected by this issue is the function rcp_setup_registration_init of the component POST Parameter Handler. This manipulation of the argument rcp_level causes Remote Code Execution.

This vulnerability is tracked as CVE-2026-1321. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More