CVE-2026-12158
WordPress · RegistrationMagic – User Registration Forms Plugin
The RegistrationMagic plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 6.
Executive summary
A critical Cross-Site Request Forgery vulnerability in the RegistrationMagic WordPress plugin allows unauthenticated attackers to perform unauthorized actions on behalf of a logged-in user.
Vulnerability
This is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to trick an authenticated user into executing unwanted actions within the application. The vulnerability stems from insufficient anti-CSRF token validation within the plugin's administrative or user-facing forms.
Business impact
Successful exploitation could lead to unauthorized administrative actions, such as modifying plugin configurations or creating unauthorized user accounts. Given the CVSS score of 8.8, this poses a significant risk to the integrity and security of the WordPress instance, potentially leading to full site compromise.
Remediation
Immediate Action: Audit the WordPress environment for the presence of the RegistrationMagic plugin and ensure it is updated to the latest available version provided by the vendor.
Proactive Monitoring: Monitor server access logs for suspicious POST requests originating from unexpected referrers that target plugin-specific administrative endpoints.
Compensating Controls: Deploy a Web Application Firewall (WAF) to detect and block common CSRF patterns and unauthorized requests directed at the WordPress backend.
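The "Proactive Monitoring" step above, as an added example that is not part of this advisory: a small Python filter over web-server access logs (Combined Log Format) that flags POST requests to WordPress admin handlers whose Referer is absent or from a foreign host, which is how a cross-site forged submission typically appears. The site host, the list of handler paths and the log lines are assumptions constructed for the example; adjust the host and paths to the deployment, and treat hits as leads for review rather than proof of exploitation, since the Referer header can be stripped by browser privacy settings or proxies.

```python
import re
from urllib.parse import urlparse

# Combined Log Format (Apache/Nginx default): the Referer is the first quoted
# field after the status code and response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumption: the site's own hostname and the WordPress core handlers that
# plugin settings pages and form actions are posted to.
SITE_HOST = "blog.example.test"
ADMIN_POST_PREFIXES = (
    "/wp-admin/admin-post.php",
    "/wp-admin/admin-ajax.php",
    "/wp-admin/admin.php",
)

def is_suspicious_post(line: str) -> bool:
    """True when a POST hits an admin handler and the Referer is missing or
    belongs to another host; both match what a forged cross-site form
    submission looks like in the access log."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return False
    if not m["path"].startswith(ADMIN_POST_PREFIXES):
        return False
    referer = m["referer"]
    if referer in ("", "-"):
        return True  # no Referer: stripped by a policy or a non-browser client
    return urlparse(referer).hostname != SITE_HOST

def scan(lines):
    """Return the log lines worth a closer look, in their original order."""
    return [line for line in lines if is_suspicious_post(line)]

# Constructed sample lines (documentation-range IPs, not from any real incident).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2026:09:00:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://blog.example.test/wp-admin/admin.php?page=settings" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2026:09:01:15 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2026:09:02:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2026:09:03:00 +0000] "GET /wp-admin/admin.php?page=settings HTTP/1.1" 200 5120 "https://attacker.example/" "Mozilla/5.0"',
    '192.0.2.7 - - [10/Mar/2026:09:04:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://evil.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("SUSPICIOUS:", hit)
```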
Exploitation status
Public Exploit Available: false
Analyst recommendation
The high CVSS score of 8.8 underscores the necessity for prompt mitigation. Administrators should prioritize updating this plugin immediately. If a patch is not yet available, consider disabling or removing the plugin until a secure version is released to maintain the security posture of the site.