RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, CVE-2024-1991

CVE, Research URL: CVE-2024-1991
Home page URL: Security reports for RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Application: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Published on: Apr 10, 2024
Research Description: The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator
Affected versions: max 5.3.1.0.
Status: vulnerable

RegistrationMagic &#8211; Custom Registration Forms, User Registration, Payment, and User Login, CVE-2024-1991