Platform
wordpress
Component
custom-registration-form-builder-with-submission-manager
Fixed in
6.0.7
CVE-2026-24374 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the RegistrationMagic WordPress plugin. This vulnerability allows an attacker to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions of data. The vulnerability affects versions of RegistrationMagic from 0.0.0 through 6.0.6.9, and a patch is available in version 6.0.7.0.
A successful CSRF attack could allow an attacker to modify user accounts, delete registrations, or perform other administrative actions within the RegistrationMagic plugin. The impact is directly tied to the permissions of the user being targeted. If an administrator is tricked into performing an action, the attacker could gain full control over the plugin's configuration and data. This could also lead to data breaches or denial of service depending on the actions performed. While CSRF typically requires social engineering to succeed, the potential impact warrants prompt remediation.
CVE-2026-24374 was publicly disclosed on 2026-01-22. There are currently no known public proof-of-concept exploits available. The EPSS score is likely low, given the reliance on social engineering for exploitation. The vulnerability is tracked by the NVD and CISA.
Websites using the RegistrationMagic plugin, particularly those with user registration or management features, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a vulnerability in one site could potentially impact others.
• wordpress / composer / npm:
  grep -r 'custom-registration-form-builder-with-submission-manager' /var/www/html/
• wordpress / composer / npm:
  wp plugin list | grep custom-registration-form-builder-with-submission-manager
• wordpress / composer / npm:
  wp plugin update --all
• generic web: Check for unexpected form submissions or actions performed without user consent. Monitor access logs for unusual patterns.
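The access-log check from the last item, as an added example (not code from the advisory or the plugin): it flags state-changing requests to /wp-admin/ whose Referer is missing or names another host, which is how a forged cross-site request usually shows up in a log. The Combined Log Format, the host blog.example and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
STATE_CHANGING = {"POST", "PUT", "DELETE"}


def suspicious_admin_requests(lines, site_host):
    """Return parsed entries for state-changing /wp-admin/ requests whose
    Referer is missing or names a host other than site_host."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        if m["method"] not in STATE_CHANGING:
            continue
        if not urlsplit(m["path"]).path.startswith("/wp-admin/"):
            continue
        try:
            ref_host = urlsplit(m["referer"]).hostname  # None for "-" or ""
        except ValueError:
            ref_host = None  # malformed Referer value
        if ref_host is None or ref_host != site_host.lower():
            entry = m.groupdict()
            entry["reason"] = ("no referer" if ref_host is None
                               else "foreign referer: " + ref_host)
            findings.append(entry)
    return findings


# Constructed sample lines (not real traffic); blog.example is a placeholder host.
SAMPLE = [
    '203.0.113.7 - - [22/Jan/2026:10:01:12 +0000] "POST /wp-admin/admin.php?page=example HTTP/1.1" 302 0 "https://blog.example/wp-admin/admin.php?page=example" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Jan/2026:10:05:40 +0000] "POST /wp-admin/admin.php?page=example HTTP/1.1" 302 0 "https://other.example/offer.html" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Jan/2026:10:06:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 51 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Jan/2026:10:07:30 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 1024 "https://other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in suspicious_admin_requests(SAMPLE, "blog.example"):
        print(f["time"], f["ip"], f["method"], f["path"], f["reason"])
```

Browsers and proxies sometimes strip the Referer header for privacy reasons, so a "no referer" hit is a lead to correlate with the administrator's session, not proof of a forged request.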
disclosure
Exploit Status
EPSS
0.02% (percentile 4%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-24374 is to upgrade to RegistrationMagic version 6.0.7.0 or later. If upgrading is not immediately feasible, consider implementing a Content Security Policy (CSP) to restrict the sources from which the browser can load resources. Additionally, implement strict input validation and output encoding to prevent malicious scripts from being injected. WAF rules can be configured to filter out suspicious requests containing CSRF tokens. After upgrading, confirm the vulnerability is resolved by attempting a CSRF attack on a test environment.
Update to version 6.0.7.0, or a later patched version
CVE-2026-24374 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the RegistrationMagic WordPress plugin, versions 0.0.0–6.0.6.9, allowing attackers to perform unauthorized actions.
You are affected if you are using the RegistrationMagic WordPress plugin, versions 0.0.0 through 6.0.6.9. Upgrade to 6.0.7.0 to mitigate the risk.
Upgrade RegistrationMagic to version 6.0.7.0 or later. Consider implementing a Content Security Policy (CSP) as an additional layer of defense.
There are currently no known active exploits for CVE-2026-24374, but the potential for exploitation exists.
Refer to the RegistrationMagic plugin website or WordPress plugin repository for the official advisory and update information.