Home / Vulnerability Intelligence / CVE-2026-32488

CVE-2026-32488 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 26, 2026

wpeverest User Registration - Broken Access Control

Published: March 25, 2026Updated: March 26, 2026Remote Exploitable

Overview

wpeverest User Registration <= 4.4.9 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Attackers can escalate their privileges, potentially gaining unauthorized access to restricted functions or data.

Mitigation

Update to the latest version beyond 4.4.9.

References

https://patchstack.com/database/Wordpress/Plugin/user-registration/vulnerability/wordpress-user-registration-plugin-4-4-9-privilege-escalation-vulnerability?_s_id=cve

Related Resources

Details

CVE ID: CVE-2026-32488
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: new

CWE

CWE-266

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H