Skip to main content

RegistrationMagic EUVDEUVD-2026-40924

| CVE-2026-12158 HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-07-01 Wordfence GHSA-7p35-52fv-8jr6
8.8
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Unauthenticated remote CSRF (PR:N, AV:N, AC:L) that requires an admin to click a link (UI:R); successful attack yields full admin control, so C/I/A all High.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 01, 2026 - 08:31 vuln.today
CVE Published
Jul 01, 2026 - 07:53 nvd
HIGH 8.8

DescriptionCVE.org

The RegistrationMagic - User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the process_request function. This makes it possible for unauthenticated attackers to escalate the privileges of an arbitrary form submitter to administrator by creating a malicious Chronos automation task that is executed via WordPress cron via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

AnalysisAI

Privilege escalation via Cross-Site Request Forgery in the RegistrationMagic WordPress plugin (all versions through 6.0.9.1) lets a remote attacker promote an arbitrary form submitter to administrator by forging a request to the process_request function, which lacks proper nonce validation. The attack plants a malicious Chronos automation task that later runs through WordPress cron, and it succeeds when a logged-in administrator is tricked into clicking an attacker-supplied link. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft forged process_request link
Delivery
Lure logged-in admin to click
Exploit
CSRF creates malicious Chronos task
Execution
WordPress cron executes task
Persist
Submitter role elevated to administrator
Impact
Full site takeover

Vulnerability AssessmentAI

Exploitation Exploitation requires the RegistrationMagic plugin (≤6.0.9.1) installed with the Chronos automation subsystem reachable, and it depends on tricking an authenticated site administrator into performing an action such as clicking an attacker-controlled link while their admin session is active - that admin interaction is the primary limiting factor. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS is 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), but this vector conflicts with the description in two ways worth flagging: the description says the attacker is unauthenticated (implying PR:N, not PR:L) and that exploitation requires tricking an administrator into clicking a link (implying UI:R, not UI:N) - verify with Wordfence, as CSRF is conventionally scored PR:N/UI:R. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a web page or email link containing a forged request to the RegistrationMagic process_request endpoint and lures a logged-in site administrator into visiting it; the browser submits the request with the admin's cookies, creating a malicious Chronos task. When WordPress cron next runs, the task elevates an attacker-controlled form submitter to administrator, giving the attacker full control of the site. …
Remediation Upstream fix available (PR/commit); released patched version not independently confirmed - the WordPress.org trac changeset (revision 3579552) shows the nonce-validation fix, so update the RegistrationMagic plugin to the latest available version above 6.0.9.1 via the WordPress admin plugin updater and confirm the installed version afterward. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all WordPress installations for RegistrationMagic plugin presence; disable if not operationally essential. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40924 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy