CVE-2025-13610
Stored XSS in RegistrationMagic Plugin 'RM_Forms' Shortcode
Publication date: 2025-12-15
Last updated on: 2025-12-15
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| registrationmagic | custom_registration_forms | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows authenticated attackers with contributor level access to inject arbitrary web scripts via stored cross-site scripting, which can lead to unauthorized access or manipulation of user data. Such security weaknesses can compromise the confidentiality and integrity of personal data, potentially violating compliance requirements under standards like GDPR and HIPAA that mandate protection against unauthorized data access and ensuring data security. Therefore, this vulnerability negatively impacts compliance with these regulations by exposing user data to risk through insufficient input sanitization and output escaping. [2]
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the RegistrationMagic WordPress plugin, specifically in the 'RM_Forms' shortcode's 'theme' attribute. Due to insufficient input sanitization and output escaping, authenticated users with contributor-level access or higher can inject malicious scripts into pages. These scripts execute whenever any user accesses the infected page, potentially compromising user data or site integrity.
How can this vulnerability impact me? :
The vulnerability allows attackers with contributor-level access to inject arbitrary web scripts that execute in the context of other users visiting the affected pages. This can lead to theft of user credentials, session hijacking, defacement, or unauthorized actions performed on behalf of users. It undermines the security and trustworthiness of the website and can result in data breaches or service disruption.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the presence of the vulnerable plugin version (up to 6.0.6.7) and monitoring for suspicious input or script injections via the 'RM_Forms' shortcode's 'theme' attribute. Since the vulnerability requires authenticated contributor-level access, checking plugin versions on WordPress sites is key. Commands to detect the plugin version include using WP-CLI: `wp plugin list --format=json` to list installed plugins and their versions. Additionally, scanning web pages for injected scripts in pages using the 'RM_Forms' shortcode may help. Network detection could involve monitoring HTTP requests for suspicious payloads targeting the 'theme' attribute in form submissions. However, no specific detection commands are provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the RegistrationMagic plugin to version 6.0.6.8 or later, which includes security improvements addressing CVE-2025-13610. This update enhances input validation, output sanitization, and file upload restrictions to prevent exploitation of the stored cross-site scripting vulnerability. Applying this update will mitigate the risk of arbitrary script injection via the 'RM_Forms' shortcode's 'theme' attribute. [2]