CVE-2025-67956
WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerabilityMissing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6.
We have discovered 5,262 live websites that are affected by CVE-2025-67956.
Affected Software
| Product |  User Registration |
| Category | Wordpress Plugins |
| Vulnerable Domains | 5,262 live websites (68% of User Registration install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 125 versions ( 94% of all versions) |
Details
- Published - Jan 22, 2026
- Updated - Jan 29, 2026
Credits
- Mdr | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-67956 United States | 1,395 websites |
 Italy | 463 websites |
 Germany | 400 websites |
 France | 240 websites |
 GB | 235 websites |
 Spain | 192 websites |
 Brazil | 143 websites |
 Cyprus | 126 websites |
 India | 125 websites |
 Canada | 107 websites |
Website Distribution by TLD
Number of websites using CVE-2025-67956| .com | 2,139 websites |
| .org | 350 websites |
| .it | 331 websites |
| .de | 137 websites |
| .com.br | 133 websites |
| .co.uk | 114 websites |
| .net | 105 websites |
| .com.au | 94 websites |
| .nl | 89 websites |
| .ru | 82 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-67956
Top websites that are affected by CVE-2025-67956. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****************.com | France | **,*** | |
| *********.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| ********.de | Germany | **,*** | |
| ************.**.il |  Israel | **,*** | |
| ***.**.th |  Thailand | **,*** | |
| ********.com | United States | ***,*** | |
| **********.org | France | ***,*** | |
| ****************.com | France | ***,*** | |
| ****************.org | GB | ***,*** |
FAQ
A total of 5,262 websites have been identified as vulnerable to CVE-2025-67956, based on global website indexing conducted by WebTechSurvey.
The User Registration is affected by the CVE-2025-67956 vulnerability.
User Registration versions up to and including 4.4.6 are vulnerable to CVE-2025-67956.