{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24373", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-22T14:42:40.515Z", "datePublished": "2026-03-25T16:14:32.185Z", "dateUpdated": "2026-03-25T16:14:32.185Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "custom-registration-form-builder-with-submission-manager", "product": "RegistrationMagic", "vendor": "Metagauss", "versions": [{"changes": [{"at": "6.0.7.2", "status": "unaffected"}], "lessThanOrEqual": "<= 6.0.7.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "0xd4rk5id3 | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:43.962Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.<p>This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.</p>"}], "value": "Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "Privilege Escalation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:32.185Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/custom-registration-form-builder-with-submission-manager/vulnerability/wordpress-registrationmagic-plugin-6-0-7-1-account-takeover-vulnerability?_s_id=cve"}], "title": "WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1."}], "id": "CVE-2026-24373", "lastModified": "2026-03-25T17:16:37.797", "metrics": {}, "published": "2026-03-25T17:16:37.797", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/custom-registration-form-builder-with-submission-manager/vulnerability/wordpress-registrationmagic-plugin-6-0-7-1-account-takeover-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T17:43:33.592629+00:00", "value": {"mitigation_remediation": ["Upgrade RegistrationMagic to a version newer than 6.0.7.1", "If an upgrade is not immediately possible, limit the plugin\u2019s permissions and disable any registration features that are not needed", "Monitor the site for suspicious account creation or privilege changes", "Apply general WordPress security hardening measures such as strong passwords and limiting administrator access"], "summary": {"action": "Patch Now", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All installations of the Metagauss RegistrationMagic plugin with a version of 6.0.7.1 or earlier are affected. The impact applies to WordPress sites that use the plugin to handle user registrations and form submissions.", "description_and_impact": "The vulnerability is an incorrect privilege assignment flaw in the RegistrationMagic custom\u2011registration\u2011form\u2011builder\u2011with\u2011submission\u2011manager plugin. It allows an attacker to elevate their privileges within a WordPress site, potentially creating or assigning administrative roles and gaining full control of the site.", "risk_and_exploitability": "The flaw permits escalation of privileges through the plugin\u2019s permission handling, which is likely exploitable via the web interface that processes registration forms. The CVSS score is not provided, and EPSS data is unavailable; the vulnerability is not listed in the KEV catalog. Consequently, the risk depends on the presence of the affected plugin and an attacker\u2019s ability to interact with the registration functionality. The severity is considered significant because any user with access to the form can potentially assume higher privileges."}}}}, "created": "2026-03-25T21:34:46.915907+00:00", "updated": "2026-03-25T21:34:46.915940+00:00", "vendors": []}