RegistrationMagic Vulnerable to Missing Authorization
CVE-2024-25935

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Registrationmagic
Vendor: CVE Published:; 11 April 2024

What is CVE-2024-25935?

A Missing Authorization vulnerability in the Metagauss RegistrationMagic plugin allows unauthorized users to potentially access sensitive operations. This issue arises in versions from n/a to 5.2.5.9, risking user data and compromising site integrity. It is imperative to apply security measures or updates to mitigate potential exploitation.

Affected Version(s)

RegistrationMagic <= 5.2.5.9

References

https://patchstack.com/database/vulnerability/custom-regi...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2024
Vulnerability Reserved
Feb 12, 2024

Credit

Majed Refaea (Patchstack Alliance)

CVE-2024-25935 Data

JSON

WordPress

What is CVE-2024-25935?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit