Skip to main content

Registrationmagic CVE-2026-32498

| EUVD-2026-15845 HIGH
Missing Authorization (CWE-862)
2026-03-25 Patchstack GHSA-gx65-44f7-jh3q
Authentication Bypass Registrationmagic
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Re-analysis Queued
Apr 24, 2026 - 16:37 vuln.today
cvss_changed
EUVD ID Assigned
Mar 25, 2026 - 16:47 euvd
EUVD-2026-15845
Analysis Generated
Mar 25, 2026 - 16:47 vuln.today
CVE Published
Mar 25, 2026 - 16:14 nvd
HIGH 7.5

DescriptionCVE.org

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.

AnalysisAI

A missing authorization vulnerability exists in Metagauss RegistrationMagic (custom-registration-form-builder-with-submission-manager) plugin versions up to and including 6.0.7.6, where incorrectly configured access control allows attackers to bypass authentication mechanisms and exploit broken access control. An attacker can leverage this vulnerability to perform unauthorized actions within the application by circumventing intended authorization checks. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Access RegistrationMagic plugin without authentication
Exploit
Bypass access control checks
Execution
Read sensitive registration form data
Impact
Exfiltrate user information
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Remote unauthenticated attacker against RegistrationMagic <= 6.0.7.6 with default access control configuration. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Despite the absence of a CVSS score and EPSS probability metric, this vulnerability carries substantial real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker can navigate directly to a RegistrationMagic form submission endpoint or admin AJAX action that lacks proper authorization checks. By crafting a direct HTTP request to submit or manipulate form data, or by accessing administrative features without possessing the required WordPress user role or capability, the attacker can register users with elevated privileges, exfiltrate submitted registration data, or modify form configurations. …
Remediation Users of RegistrationMagic should immediately upgrade to a version newer than 6.0.7.6, as a patched release has been made available by Metagauss to address this authorization bypass. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 7 days: Identify all affected systems and apply vendor patches promptly. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49764 CRITICAL
9.8 Jun 15

Authentication bypass in the RegistrationMagic WordPress plugin (versions up to and including 6.0.8.6) allows unauthenti

Share

CVE-2026-32498 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy