WordPress Plugin Vulnerabilities

RegistrationMagic < 6.0.7.2 - Authentication Bypass

Description

The plugin is vulnerable to Authentication Bypass. This makes it possible for unauthenticated attackers to bypass authentication.

Proof of Concept

Affects Plugins

Plugin icon
custom-registration-form-builder-with-submission-manager
Fixed in 6.0.7.2

References

CVE
CVE-2026-24373
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d590e730-ad5f-4046-b897-c3b8aed250b3

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
0xd4rk5id3
Verified
Yes
WPVDB ID
66d7dc3a-bfc4-4878-938f-9745217e79a7

Timeline

Publicly Published
2026-03-12 (about 2 months ago)
Added
2026-03-19 (about 2 months ago)
Last Updated
2026-05-29 (about 1 day ago)

Other

Published
Title
Published
2020-03-31
Title
Elementor Page Builder < 2.9.6 - Authenticated Safe Mode Privilege Escalation
Published
2014-08-01
Title
Contact Form 7 <= 3.7.1 - CAPTCHA Bypass
Published
2025-08-27
Title
RingCentral Communications 1.5 - 1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function
Published
2023-01-27
Title
ContentStudio < 1.2.6 - Authorisation Bypass
Published
2014-08-01
Title
G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities