CVE-2026-24353
WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerabilityMissing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.
We have discovered 8,076 live websites that are affected by CVE-2026-24353.
Affected Software
| Product |  User Registration |
| Category | Wordpress Plugins |
| Vulnerable Domains | 8,076 live websites (100% of User Registration install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 130 versions ( 100% of all versions) |
Details
- Published - Jan 22, 2026
- Updated - Jan 26, 2026
Credits
- Kishan Vyas | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-24353 United States | 2,408 websites |
 Italy | 650 websites |
 Germany | 634 websites |
 GB | 408 websites |
 France | 355 websites |
 Spain | 271 websites |
 Cyprus | 209 websites |
 Brazil | 205 websites |
 Canada | 182 websites |
 India | 174 websites |
Website Distribution by TLD
Number of websites using CVE-2026-24353| .com | 3,352 websites |
| .org | 586 websites |
| .it | 466 websites |
| .de | 245 websites |
| .co.uk | 192 websites |
| .com.br | 182 websites |
| .net | 176 websites |
| .nl | 151 websites |
| .com.au | 140 websites |
| .fr | 123 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-24353
Top websites that are affected by CVE-2026-24353. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****************.com | France | **,*** | |
| *********.com | United States | **,*** | |
| ******.***.my |  Malaysia | **,*** | |
| ************.com | United States | **,*** | |
| *************.com | United States | **,*** | |
| ********.de | Germany | **,*** | |
| ************.**.il |  Israel | **,*** | |
| ********.**.il | Israel | **,*** | |
| ******.de | Germany | **,*** | |
| *********.**.uk | GB | ***,*** |
FAQ
A total of 8,076 websites have been identified as vulnerable to CVE-2026-24353, based on global website indexing conducted by WebTechSurvey.
The User Registration is affected by the CVE-2026-24353 vulnerability.
User Registration versions up to and including 4.4.9 are vulnerable to CVE-2026-24353.