Really Simple Security logo

Log out
Get PRO

Latest

Vulnerability found in RegistrationMagic – User Registration Plugin with Custom Registration Forms

  • Severity: critical
  • Status: Fixed
  • Publication: November 8, 2024

The RegistrationMagic plugin for WordPress, which allows users to create custom registration forms, has a security vulnerability that could lead to unauthorized access to user accounts. This vulnerability exists in all versions up to 6.0.2.6 and is caused by the plugin not properly checking the password reset token before changing a user’s password. This means that attackers who do not have an account can reset the password of any user, including administrators, and gain access to their accounts.

Detected in:

RegistrationMagic – Custom Registration Forms, User Registration, Payment and User Login fixed vulnerable versions:
RegistrationMagic – User Registration Plugin with Custom Registration Forms fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.