WordPress Plugin Vulnerabilities

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 6.0.7.7 - Missing Authorization

Description

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.0.7.6. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
custom-registration-form-builder-with-submission-manager
Fixed in 6.0.7.7

References

CVE
CVE-2026-32498
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6515d70-438b-47b7-a3c4-5b8dc401a40e

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Supakiad S. (m3ez)
Verified
No
WPVDB ID
7f83f02d-e79d-44b8-9cc7-1c9fe44c2682

Timeline

Publicly Published
2026-03-20 (about 2 months ago)
Added
2026-03-27 (about 2 months ago)
Last Updated
2026-03-27 (about 2 months ago)

Other

Published
Title
Published
2023-11-07
Title
NitroPack < 1.10.0 - Missing Authorization via multiple AJAX functions
Published
2025-06-19
Title
WP User Profile Avatar <= 1.0.6 - Missing Authorization
Published
2024-12-05
Title
Minimum and Maximum Quantity for WooCommerce < 2.1.0 - Missing Authorization
Published
2025-12-11
Title
Reformer for Elementor <= 1.0.6 - Missing Authorization
Published
2026-02-07
Title
Wava Payment <= 0.3.7 - Missing Authorization