RegistrationMagic Vulnerable to Missing Authorization
CVE-2024-25935

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Registrationmagic
Vendor: CVE Published:; 11 April 2024

What is CVE-2024-25935?

A Missing Authorization vulnerability in the Metagauss RegistrationMagic plugin allows unauthorized users to potentially access sensitive operations. This issue arises in versions from n/a to 5.2.5.9, risking user data and compromising site integrity. It is imperative to apply security measures or updates to mitigate potential exploitation.

Affected Version(s)

RegistrationMagic <= 5.2.5.9

References

https://patchstack.com/database/vulnerability/custom-regi...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2024
Vulnerability Reserved
Feb 12, 2024

Credit

Majed Refaea (Patchstack Alliance)

WordPress

What is CVE-2024-25935?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit