Platform
wordpress
Component
custom-registration-form-builder-with-submission-manager
Fixed version
6.0.7
CVE-2026-24374 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the RegistrationMagic WordPress plugin. This vulnerability allows an attacker to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions of data. The vulnerability affects versions of RegistrationMagic from 0.0.0 through 6.0.6.9, and a patch is available in version 6.0.7.0.
A successful CSRF attack could allow an attacker to modify user accounts, delete registrations, or perform other administrative actions within the RegistrationMagic plugin. The impact is directly tied to the permissions of the user being targeted. If an administrator is tricked into performing an action, the attacker could gain full control over the plugin's configuration and data. This could also lead to data breaches or denial of service depending on the actions performed. While CSRF typically requires social engineering to succeed, the potential impact warrants prompt remediation.
CVE-2026-24374 was publicly disclosed on 2026-01-22. There are currently no known public proof-of-concept exploits available. The EPSS score is likely low, given the reliance on social engineering for exploitation. The vulnerability is tracked by the NVD and CISA.
Websites using the RegistrationMagic plugin, particularly those with user registration or management features, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a vulnerability in one site could potentially impact others.
• wordpress / composer / npm:
    grep -r 'custom-registration-form-builder-with-submission-manager' /var/www/html/
• wordpress / composer / npm:
    wp plugin list | grep custom-registration-form-builder-with-submission-manager
• wordpress / composer / npm:
    wp plugin update --all
• generic web: Check for unexpected form submissions or actions performed without user consent. Monitor access logs for unusual patterns.
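Added example (not from the advisory or the plugin's code): one way to carry out the access-log check above is to flag state-changing requests to /wp-admin/ whose Referer is missing or names another host. The combined log format, the host shop.example, the page=example_settings parameter and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip - user [time] "METHOD path HTTP/x" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
STATE_CHANGING = {"POST", "PUT", "DELETE"}

def referer_verdict(referer, site_host):
    """Classify a Referer header relative to the site's own host (exact host match)."""
    if referer in ("", "-"):
        return "missing"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-origin" if host == site_host.lower() else "cross-origin"

def suspicious_admin_requests(lines, site_host):
    """Return (time, ip, path, verdict, referer) for admin writes not sent from the site itself."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in STATE_CHANGING:
            continue  # unparsable line or read-only request
        if not urlsplit(m["path"]).path.startswith("/wp-admin/"):
            continue  # only the WordPress admin area is of interest here
        verdict = referer_verdict(m["referer"], site_host)
        if verdict != "same-origin":
            hits.append((m["time"], m["ip"], m["path"], verdict, m["referer"]))
    return hits

# Constructed sample lines (not taken from a real server); hosts and parameters are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Jan/2026:10:01:12 +0000] "POST /wp-admin/admin.php?page=example_settings HTTP/1.1" 302 0 "https://shop.example/wp-admin/admin.php?page=example_settings" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Jan/2026:10:04:40 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://promo.invalid/offer.html" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Jan/2026:10:09:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "https://shop.example.lookalike.invalid/" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Jan/2026:10:09:30 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "https://promo.invalid/" "Mozilla/5.0"',
    '192.0.2.44 - - [22/Jan/2026:10:15:55 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [22/Jan/2026:10:16:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://promo.invalid/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_admin_requests(SAMPLE_LOG, "shop.example"):
        print(*hit, sep=" | ")
```

A missing Referer is also produced by privacy settings and some proxies, so treat that verdict as lower confidence than a cross-origin one.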
disclosure
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-24374 is to upgrade to RegistrationMagic version 6.0.7.0 or later. If upgrading is not immediately feasible, consider implementing a Content Security Policy (CSP) to restrict the sources from which the browser can load resources. Additionally, implement strict input validation and output encoding to prevent malicious scripts from being injected. WAF rules can be configured to filter out suspicious requests containing CSRF tokens. After upgrading, confirm the vulnerability is resolved by attempting a CSRF attack on a test environment.
Update to version 6.0.7.0 or a later fixed release.
CVE-2026-24374 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the RegistrationMagic WordPress plugin, versions 0.0.0–6.0.6.9, allowing attackers to perform unauthorized actions.
You are affected if you are using RegistrationMagic WordPress plugin versions 0.0.0 through 6.0.6.9. Upgrade to 6.0.7.0 to mitigate the risk.
Upgrade RegistrationMagic to version 6.0.7.0 or later. Consider implementing a Content Security Policy (CSP) as an additional layer of defense.
There are currently no known active exploits for CVE-2026-24374, but the potential for exploitation exists.
Refer to the RegistrationMagic plugin website or WordPress plugin repository for the official advisory and update information.