{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1054", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-16T17:03:05.877Z", "datePublished": "2026-01-28T07:27:35.396Z", "dateUpdated": "2026-04-08T17:27:26.132Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:26.132Z"}, "affected": [{"vendor": "metagauss", "product": "RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.0.7.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrary plugin settings, including reCAPTCHA keys, security settings, and frontend menu titles."}], "title": "RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/daf4d246-85f3-48b3-985f-982fea4772f1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.6.9/admin/controllers/class_rm_options_controller.php#L209"}, {"url": "https://plugins.trac.wordpress.org/changeset/3444777/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Md. Moniruzzaman Prodhan"}], "timeline": [{"time": "2026-01-23T06:45:14.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-27T19:10:54.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T14:43:07.271146Z", "id": "CVE-2026-1054", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T14:43:48.192Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1054", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-28T14:43:07.271146Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T14:43:39.103Z"}}], "cna": {"title": "RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification", "credits": [{"lang": "en", "type": "finder", "value": "Md. Moniruzzaman Prodhan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "metagauss", "product": "RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.0.7.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-23T06:45:14.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-27T19:10:54.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/daf4d246-85f3-48b3-985f-982fea4772f1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.6.9/admin/controllers/class_rm_options_controller.php#L209"}, {"url": "https://plugins.trac.wordpress.org/changeset/3444777/"}], "descriptions": [{"lang": "en", "value": "The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrary plugin settings, including reCAPTCHA keys, security settings, and frontend menu titles."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:26.132Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1054", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:27:26.132Z", "dateReserved": "2026-01-16T17:03:05.877Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-28T07:27:35.396Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrary plugin settings, including reCAPTCHA keys, security settings, and frontend menu titles."}, {"lang": "es", "value": "El plugin RegistrationMagic para WordPress es vulnerable a la falta de autorizaci\u00f3n en versiones hasta la 6.0.7.4, inclusive. Esto se debe a la falta de verificaci\u00f3n de nonce y de comprobaciones de capacidad en el manejador de acciones AJAX rm_set_otp. Esto permite a atacantes no autenticados modificar configuraciones arbitrarias del plugin, incluyendo claves de reCAPTCHA, configuraciones de seguridad y t\u00edtulos de men\u00fa de frontend."}], "id": "CVE-2026-1054", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-28T08:16:03.230", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.6.9/admin/controllers/class_rm_options_controller.php#L209"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3444777/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/daf4d246-85f3-48b3-985f-982fea4772f1?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-15T18:59:50.134165+00:00", "value": {"mitigation_remediation": ["Update the RegistrationMagic plugin to a version newer than 6.0.7.4, ensuring that nonce and capability checks are restored.", "If an immediate update is not possible, disable or remove the RegistrationMagic plugin from the site to eliminate the exposed endpoint.", "Configure the WordPress site to restrict AJAX calls to authenticated users only, for example by using security plugins or .htaccess rules, and monitor for suspicious activity targeting the rm_set_otp action."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Configuration Modification"}, "threat_synthesis": {"affected_systems": "WordPress installations running the RegistrationMagic plugin prior to version 6.0.8 are susceptible. The issue is confined to the RegistrationMagic component and does not extend to core WordPress or other plugins.", "description_and_impact": "The vulnerability resides in the RegistrationMagic plugin for WordPress, affecting versions up to 6.0.7.4. A missing nonce verification and capability checks on the rm_set_otp AJAX action allow attackers who are not authenticated to change plugin settings arbitrarily. This includes reCAPTCHA keys, security parameters, and layout titles, potentially compromising site integrity and user trust.", "risk_and_exploitability": "With a CVSS score of 5.3 and an EPSS score of less than 1%, the risk of exploitation is moderate and unlikely to be widely targeted. The vulnerability is not listed in the CISA KEV catalog, and since it lacks authentication requirements, the attack vector is an unauthenticated remote AJAX request. Attackers can exploit the flaw by submitting crafted requests to the rm_set_otp endpoint, enabling arbitrary configuration changes without needing a user account."}}}}, "created": "2026-01-29T09:18:21.897461+00:00", "updated": "2026-04-15T19:00:12.319925+00:00", "vendors": ["metagauss", "metagauss$PRODUCT$registrationmagic", "wordpress", "wordpress$PRODUCT$wordpress"]}