RegistrationMagic Plugin

Researcher

This vulnerability was discovered by @yuyudhn.

Plugin Details

Details about the RegistrationMagic WordPress plugin.

| Parameter | Value |
|---|---|
| Software | RegistrationMagic |
| Description | Create customized user registration forms, accept payments, track submissions, manage users, analyze stats, assign user roles and more. |
| Software Type | WordPress Plugin |
| Developer | RegistrationMagic, Metagauss |
| Plugin URL | https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/ |

Unauthenticated HTML Injection

The RegistrationMagic plugin for WordPress is vulnerable to content injection in versions up to, and including, 5.1.9.2. This is due to insufficient authorization checks. This makes it possible for unauthenticated attackers to alter the content on select pages.

| Parameter | Value |
|---|---|
| CVE ID | CVE-2023-23989 |
| Classification | Content Injection |
| Required privilege | Unauthenticated |
| Affected Version | <= 5.1.9.2 |
| Patched Version | 5.1.9.3 |
| Remediation | Update to version 5.1.9.3, or a newer patched version |
| Publicly disclosed | 03.03.2023 |

Improper Authorization to Price Change

The RegistrationMagic plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 5.1.9.2. This makes it possible for unauthenticated attackers to alter the price of registrations.

| Parameter | Value |
|---|---|
| CVE ID | CVE-2023-23976 |
| Classification | Web Parameter Tampering |
| Required privilege | Unauthenticated |
| Affected Version | <= 5.1.9.2 |
| Patched Version | 5.1.9.3 |
| Remediation | Update to version 5.1.9.3, or a newer patched version |
| Publicly disclosed | 03.03.2023 |
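
Both CVEs are fixed in the same release, so one version check covers them. The following is an added example, not code from the advisory or the plugin: it reads the plugin header under a `wp-content/plugins` directory and compares the installed version with 5.1.9.3. The sample tree and the file name `example-main.php` are constructed; the plugin's real main file name is not assumed, and any top-level PHP file carrying a plugin header is accepted.

```python
import re
import tempfile
from pathlib import Path

# Slug and fixed version are taken from the advisory above.
SLUG = "custom-registration-form-builder-with-submission-manager"
PATCHED = (5, 1, 9, 3)
# WordPress takes a plugin's version from the "Version:" header line.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)\s*$", re.M | re.I)

def parse_version(text):
    """Turn '5.1.9.2' into (5, 1, 9, 2), zero-padded to four parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def installed_version(plugins_dir):
    """Return the version from the plugin's header file, or None."""
    plugin_dir = Path(plugins_dir) / SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        # WordPress only reads the first 8 KB of a file for headers.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        match = VERSION_RE.search(head)
        if match and "Plugin Name:" in head:
            return match.group(1)
    return None

def assess(plugins_dir):
    """Classify a plugins directory: 'not-found', 'affected' or 'patched'."""
    version = installed_version(plugins_dir)
    if version is None:
        return "not-found"
    return "affected" if parse_version(version) < PATCHED else "patched"

if __name__ == "__main__":
    # Constructed sample: a throwaway plugins tree with a made-up main file.
    root = Path(tempfile.mkdtemp())
    (root / SLUG).mkdir()
    (root / SLUG / "example-main.php").write_text(
        "<?php\n/**\n * Plugin Name: RegistrationMagic\n * Version: 5.1.9.2\n */\n")
    print(installed_version(root), assess(root))
```

Point `assess()` at each site's `wp-content/plugins` path; a `not-found` result also covers a plugin directory whose header could not be parsed, so review those by hand.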

References

  • https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5192-missing-authorization-to-unauthenticated-content-injection
  • https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5192-improper-authorization-to-price-change