User Registration & Membership plugin flaw allows attackers to gain admin access without login Exposed nonce values enable unauthorized backend requests and privilege escalation Sensitive user data ...