CVE-2026-0929
Unknown Unknown - Not Provided

Improper Capability Checks in RegistrationMagic Plugin Allow Form Creation

Vulnerability report for CVE-2026-0929, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-16

Last updated on: 2026-02-17

Assigner: WPScan

Description

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-16
Last Modified
2026-02-17
Generated
2026-07-06
AI Q&A
2026-02-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
registrationmagic registrationmagic to 6.0.7.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-0929 affects the WordPress plugin RegistrationMagic versions prior to 6.0.7.2. The vulnerability is caused by improper capability checks, which means that users with subscriber-level permissions or higher can create registration forms on the site without proper authorization.'}, {'type': 'paragraph', 'content': 'An attacker with subscriber access can send a specially crafted POST request to the endpoint `/wp-admin/admin-ajax.php` with specific parameters, resulting in the creation of a new registration form visible in the plugin\'s "All Forms" section.'}, {'type': 'paragraph', 'content': 'This issue is classified as a Broken Access Control vulnerability (OWASP A5) and corresponds to CWE-862 (Missing Authorization).'}] [1]

Impact Analysis

This vulnerability allows users with low-level permissions (subscribers) to create registration forms on the site without proper authorization.

This could lead to unauthorized form creation, which might be used to collect data, manipulate site behavior, or potentially facilitate further attacks depending on how the forms are used.

Because it is a Broken Access Control issue, it undermines the security model of the site by allowing actions that should be restricted to higher privilege users.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious POST requests to the WordPress admin AJAX endpoint that attempt to create new registration forms without proper authorization.'}, {'type': 'paragraph', 'content': 'Specifically, look for POST requests to `/wp-admin/admin-ajax.php` with parameters such as `action=rm_sort_form_fields`, `rm_slug=rm_form_quick_add`, `form_name`, `form_type`, `user_auto_approval`, and `data`.'}, {'type': 'paragraph', 'content': 'A network or web server log inspection can help identify such requests.'}, {'type': 'paragraph', 'content': 'For example, using command-line tools like `grep` on web server logs to find these requests:'}, {'type': 'list_item', 'content': "grep 'admin-ajax.php' /var/log/apache2/access.log | grep 'action=rm_sort_form_fields'"}, {'type': 'list_item', 'content': "grep 'rm_slug=rm_form_quick_add' /var/log/apache2/access.log"}, {'type': 'paragraph', 'content': 'Additionally, monitoring WordPress user activity logs or plugin-specific logs (if available) for unexpected form creation events can help detect exploitation attempts.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate step to mitigate this vulnerability is to update the RegistrationMagic WordPress plugin to version 6.0.7.2 or later, where the issue has been fixed.'}, {'type': 'paragraph', 'content': "Until the update can be applied, restrict subscriber-level users from accessing or interacting with the plugin's form creation features."}, {'type': 'paragraph', 'content': 'Additionally, consider implementing web application firewall (WAF) rules to block suspicious POST requests to `/wp-admin/admin-ajax.php` with the parameters associated with this vulnerability.'}] [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0929. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart