VYPR
Medium severity 4.3 · NVD Advisory · Published Feb 13, 2026 · Updated Apr 15, 2026

CVE-2025-15520

Description

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but does not verify capabilities, so subscribers and higher can access sensitive data.

The RegistrationMagic WordPress plugin prior to version 6.0.7.2 suffers from a missing capability check vulnerability (CWE-200). While the plugin validates nonces to prevent cross-site request forgery, it fails to verify that the requesting user has the necessary capabilities to access sensitive data. This means any authenticated user, including subscribers, can potentially view information intended for higher-privileged users [1].

To exploit this, an attacker needs only a subscriber-level account on the WordPress site. No additional authentication bypass or specific network position is required. The attacker can send requests that pass the nonce check; because the plugin performs no capability check afterwards, the protected data is returned regardless of the account's role. As the plugin does not enforce proper authorization, the attack surface is broad, affecting any site using the plugin with subscriber accounts [1].

Successful exploitation allows an attacker to disclose sensitive data, such as form submissions, user details, or other confidential information stored by the plugin. The exact type of data exposed depends on the plugin's functionality, but the vulnerability is classified as sensitive data exposure. The CVSS v3 score is 4.3 (medium) [1].

The vendor has addressed this issue in version 6.0.7.2 of RegistrationMagic. Users are strongly advised to update to this version or later to mitigate the risk. No workarounds are provided, and the vulnerability has been publicly disclosed with proof of concept details available [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

1