CVE-2026-1054
RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrary plugin settings, including reCAPTCHA keys, security settings, and frontend menu titles.
| CWE | CWE-862 |
| Vendor | metagauss |
| Product | registrationmagic – custom registration forms, user registration, payment, and user login |
| Published | Jan 28, 2026 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for metagauss registrationmagic – custom registration forms, user registration, payment, and user login
Be the first to know when new medium vulnerabilities affecting metagauss registrationmagic – custom registration forms, user registration, payment, and user login are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
metagauss / RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
0 ≤ 6.0.7.4
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/daf4d246-85f3-48b3-985f-982fea4772f1?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.6.9/admin/controllers/class_rm_options_controller.php#L209 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3444777/
Credits
Md. Moniruzzaman Prodhan