WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-47645

8.8HIGH

Key Information:

Vendor: WordPress
Status: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Vendor: CVE Published:; 30 November 2023

Summary

The RegistrationMagic plugin from WPDevelop is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, allowing attackers to execute unwanted actions on behalf of users without their consent. This issue impacts all versions up to 5.2.2.6, posing a significant risk to sites that utilize the plugin for custom registration forms and user management.

Affected Version(s)

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.2.2.6

References

https://patchstack.com/database/vulnerability/custom-regi...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Nov 7, 2023

Credit

thiennv (Patchstack Alliance)