Platform
wordpress
Component
custom-registration-form-builder-with-submission-manager
Fixed version
6.0.7
CVE-2026-24374 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the RegistrationMagic WordPress plugin. This vulnerability allows an attacker to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions of data. The vulnerability affects versions of RegistrationMagic from 0.0.0 through 6.0.6.9, and a patch is available in version 6.0.7.0.
A successful CSRF attack could allow an attacker to modify user accounts, delete registrations, or perform other administrative actions within the RegistrationMagic plugin. The impact is directly tied to the permissions of the user being targeted. If an administrator is tricked into performing an action, the attacker could gain full control over the plugin's configuration and data. This could also lead to data breaches or denial of service depending on the actions performed. While CSRF typically requires social engineering to succeed, the potential impact warrants prompt remediation.
CVE-2026-24374 was publicly disclosed on 2026-01-22. There are currently no known public proof-of-concept exploits available. The EPSS score is likely low, given the reliance on social engineering for exploitation. The vulnerability is tracked by the NVD and CISA.
Websites using the RegistrationMagic plugin, particularly those with user registration or management features, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a vulnerability in one site could potentially impact others.
• wordpress / composer / npm:
grep -r 'RegistrationMagic/custom-registration-form-builder-with-submission-manager' /var/www/html/
• wordpress / composer / npm:
wp plugin list | grep custom-registration-form-builder-with-submission-manager
• wordpress / composer / npm:
wp plugin update --all
• generic web: Check for unexpected form submissions or actions performed without user consent. Monitor access logs for unusual patterns.
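The listing commands above show that the plugin is present but not whether its version falls in the affected range. The following is an added example, not code from the plugin or from this advisory's publisher: it compares an installed version against the fixed version 6.0.7.0 numerically, so that "6.0.7" and "6.0.7.0" are treated as the same release. The function names and exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: is an installed RegistrationMagic version inside the range the
# advisory lists as affected (0.0.0 through 6.0.6.9, fixed in 6.0.7.0)?
# Function names and exit codes are hypothetical, chosen for this example.

FIXED_VERSION="6.0.7.0"
PLUGIN_SLUG="custom-registration-form-builder-with-submission-manager"

# rm_is_affected VERSION
#   exit 0 = affected (older than the fixed version)
#   exit 1 = not affected (fixed version or newer)
#   exit 2 = version string is not dotted-numeric
rm_is_affected() {
    awk -v inst="$1" -v fixed="$FIXED_VERSION" 'BEGIN {
        if (inst !~ /^[0-9]+(\.[0-9]+)*$/) exit 2
        n = split(inst, a, "."); m = split(fixed, b, ".")
        len = (n > m) ? n : m
        # Compare component by component as integers; a missing component
        # counts as 0, so 6.0.7 equals 6.0.7.0 and 6.0.10 sorts after 6.0.7.
        for (i = 1; i <= len; i++) {
            x = (i <= n) ? a[i] + 0 : 0
            y = (i <= m) ? b[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1
    }'
}

# rm_audit_site WP_ROOT
#   Reads the installed version through WP-CLI and reports the verdict.
rm_audit_site() {
    ver=$(wp plugin get "$PLUGIN_SLUG" --field=version --path="$1" 2>/dev/null) || {
        echo "$1: plugin not installed or wp-cli unavailable"
        return 3
    }
    rc=0
    rm_is_affected "$ver" || rc=$?
    case $rc in
        0) echo "$1: $ver AFFECTED, update to $FIXED_VERSION or later" ;;
        1) echo "$1: $ver not affected" ;;
        *) echo "$1: unrecognised version string '$ver'" ;;
    esac
    return "$rc"
}

# Audit the WordPress root given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    rm_audit_site "$1"
fi
```

Saved to a file of your choosing and run with a WordPress root such as /var/www/html as its argument, the script prints one verdict line for that site.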
disclosure
Exploit status
EPSS
0.02% (4% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-24374 is to upgrade to RegistrationMagic version 6.0.7.0 or later. If upgrading is not immediately feasible, consider implementing a Content Security Policy (CSP) to restrict the sources from which the browser can load resources. Additionally, implement strict input validation and output encoding to prevent malicious scripts from being injected. WAF rules can be configured to filter out suspicious requests containing CSRF tokens. After upgrading, confirm the vulnerability is resolved by attempting a CSRF attack on a test environment.
Update to version 6.0.7.0 or a later fixed version.
CVE-2026-24374 is a Cross-Site Request Forgery (CSRF) vulnerability affecting RegistrationMagic WordPress plugin versions 0.0.0–6.0.6.9, allowing attackers to perform unauthorized actions.
You are affected if you are using RegistrationMagic WordPress plugin versions 0.0.0 through 6.0.6.9. Upgrade to 6.0.7.0 to mitigate the risk.
Upgrade RegistrationMagic to version 6.0.7.0 or later. Consider implementing a Content Security Policy (CSP) as an additional layer of defense.
There are currently no known active exploits for CVE-2026-24374, but the potential for exploitation exists.
Refer to the RegistrationMagic plugin website or WordPress plugin repository for the official advisory and update information.