Privilege Escalation in WPEverest User Registration Plugin by WordPress
CVE-2026-32488

8.1HIGH

Key Information:

Vendor: WordPress
Status: User Registration
Vendor: CVE Published:; 25 March 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-32488?

The WPEverest User Registration plugin for WordPress has a vulnerability that allows users with insufficient privileges to elevate their access rights. This vulnerability permits a user to perform actions that should be restricted, leading to potential misuse of the platform. This affects all versions from n/a up to and including 4.4.9, making it crucial for website owners to update their plugin to prevent unauthorized access and maintain the security of their sites.

Affected Version(s)

User Registration <= n/a

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-32488
Created by izxci

References

https://patchstack.com/database/Wordpress/Plugin/user-reg...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 17, 2026
👾
Exploit known to exist
Jun 17, 2026
Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Mar 12, 2026

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program

CVE-2026-32488 Data

JSON