CVE-2026-24353
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.
AnalysisAI
Improper access control in wpeverest User Registration plugin through version 4.4.9 allows authenticated attackers to bypass authorization checks and gain unauthorized access to sensitive functionality. An attacker with low-privilege credentials can exploit misconfigured security levels to perform actions beyond their intended permissions, potentially exposing or modifying user registration data. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects wpeverest User Registration user-registration. Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.
Affected ProductsAI
Product: wpeverest User Registration user-registration.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today