CRITICAL🇵🇱 Wersja polska

CVE-2024-10508

CVSS 9.8v3.1pub. 2024-11-09upd. 2025-01-29

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.

🤖 AI Analysis
How it works

The plugin does not perform proper validation of the password reset token before applying it to change the user's password. An attacker without any authentication can initiate a password reset procedure for any account and bypass the token verification mechanism. As a result, it is possible to set a new password for a selected user, including an administrator, without knowing the original token or current password.

Impact

An attacker can gain full access to any account on the WordPress platform, including administrator accounts, leading to complete takeover of the website — violation of confidentiality, integrity, and data availability.

Mitigation & patch

The RegistrationMagic plugin must be immediately updated to a version higher than 6.0.2.6, which fixes the password reset token validation (fix available in the WordPress repository under changeset 3181174). If an immediate update is not possible, it is recommended to temporarily disable the plugin until the patch is deployed.

Who is affected

RegistrationMagic – User Registration Plugin with Custom Registration Forms for WordPress, all versions up to and including 6.0.2.6 (Metagauss RegistrationMagic).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Metagauss Registrationmagic

    APP
    Metagauss
    < 6.0.2.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassLPE
CWE
References

Related vulnerabilities

CVE-2017-20208CRITICAL9.8PL ✓ten sam produkt

PHP Object Injection w pluginie RegistrationMagic dla WordPress

CVE-2023-2499CRITICAL9.8ten sam produkt

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and inclu...

CVE-2021-4073CRITICAL9.8ten sam produkt

The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, ...

CVE-2025-24686HIGH7.1ten sam produkt

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagaus...

CVE-2023-49831HIGH7.5ten sam produkt

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submi...