RegistrationMagic
cpe:2.3:a:registrationmagic:registrationmagic:*:*:*:*:wordpress:*:*
- <= 6.0.7.4
A vulnerability exists in the RegistrationMagic plugin for WordPress, in versions through 6.0.7.4, due to missing nonce verification and capability checks in the rm_set_otp AJAX action handler. This flaw allows unauthenticated attackers to alter various plugin settings, such as reCAPTCHA keys, security options, and frontend menu titles.
Exploitation of this vulnerability could lead to unauthorized modification of critical plugin settings, potentially allowing for further exploitation or disruption of the affected WordPress site.
Users are advised to update the RegistrationMagic plugin to version 6.0.7.5 or a newer patched version.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.