CVE-2026-12158

WordPress · RegistrationMagic – User Registration Forms Plugin

The RegistrationMagic plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 6.

Executive summary

A high-severity (CVSS 8.8) Cross-Site Request Forgery vulnerability in the RegistrationMagic WordPress plugin allows an unauthenticated attacker to perform state-changing actions on behalf of a logged-in user, typically an administrator, by getting that user to load an attacker-controlled page while authenticated to the site.

Vulnerability

This is a Cross-Site Request Forgery (CSRF) vulnerability: the plugin accepts a state-changing request without verifying that it originated from a form the site itself rendered, so an attacker who lures an authenticated user to a page they control can submit that request from the victim's browser, which attaches the victim's WordPress session cookies automatically. The root cause is missing or insufficient validation of the WordPress nonce (the anti-CSRF token a plugin should check with wp_verify_nonce(), check_admin_referer() or check_ajax_referer()) in the plugin's administrative or user-facing form handlers. The advisory does not name the affected handler.
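The bug class, as an added illustration that is not RegistrationMagic's code: a WordPress admin-post handler that relies on the capability check alone (vulnerable) beside the same handler protected by a nonce (hardened). The hook, option and field names (example_save_settings, example_settings, _example_nonce) are hypothetical; the pattern is the standard WordPress one.

```php
<?php
/**
 * Added illustration of the CSRF pattern behind this class of WordPress plugin
 * bug. This is NOT RegistrationMagic's code; the hook, option and field names
 * are hypothetical. Drop it in as a mu-plugin on a throwaway site to compare
 * the two handlers.
 */

// VULNERABLE: trusts any POST that reaches admin-post.php. The victim's browser
// attaches the WordPress auth cookie automatically, so an auto-submitting form
// on an attacker's page that targets this action passes the capability check
// as the logged-in admin and the option is overwritten.
function example_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 403 );
    }
    // Missing: any proof that the request came from a form this site rendered.
    $value = sanitize_text_field( wp_unslash( $_POST['settings'] ?? '' ) );
    update_option( 'example_settings', $value );
    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}

// HARDENED: the form carries a nonce, and the handler refuses to act unless a
// nonce valid for this action and this user is present.
function example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', '_example_nonce' ); ?>
        <input type="text" name="settings"
               value="<?php echo esc_attr( get_option( 'example_settings', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function example_save_settings_hardened() {
    // check_admin_referer() calls wp_die() with a 403 unless _example_nonce
    // verifies against the 'example_save_settings' action for the current
    // user. A cross-site page cannot read or forge that value.
    check_admin_referer( 'example_save_settings', '_example_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 403 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['settings'] ?? '' ) );
    update_option( 'example_settings', $value );
    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}

// Only the hardened handler is hooked; swap in the vulnerable one to reproduce
// the bug class on a test site.
add_action( 'admin_post_example_save_settings', 'example_save_settings_hardened' );

// AJAX handlers get the same treatment: mint the token with
// wp_create_nonce( 'example_action' ) on the page that calls them and verify
// it in the handler with check_ajax_referer( 'example_action', 'nonce' ).
```

The capability check is necessary but not sufficient: it confirms who the victim is, not whether the victim meant to send the request. Nonces are bound to the action, the user and the session token, so the attacker cannot obtain one for the victim, and they expire (24 hours by default), which is why a nonce must be checked before any state change rather than only on the form that renders it.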

Business impact

Successful exploitation could lead to unauthorized state-changing actions performed with the victim's privileges, such as modifying plugin configuration or creating user accounts; the exact actions depend on which handler lacks the check and what the victim is permitted to do. The CVSS score of 8.8 (High; no privileges required, but the victim must be lured to an attacker page) reflects a significant risk to the integrity of the WordPress instance, up to full site compromise when the victim is an administrator.

Remediation

Immediate Action: Audit the WordPress environment (the plugins screen or WP-CLI's plugin listing) for the presence of the RegistrationMagic plugin and update it to the release the vendor identifies as fixing this CVE; confirm the fixed version from the vendor's changelog rather than assuming that any recent build is safe.

Proactive Monitoring: Monitor web server access logs, in a format that records the Referer header (Apache/nginx "combined"), for POST requests to plugin-specific administrative endpoints (admin-post.php, admin-ajax.php, the plugin's settings pages) whose Referer is absent or names a host other than the site. A forged request arrives from the victim's own browser and IP with valid cookies, so source-IP reputation will not catch it; the Origin header is a stronger signal than Referer but is only available if it is added to the log format.
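Detection logic for the check described above, as an added example that is not part of the advisory: a PHP CLI script that parses "combined"-format access-log lines and flags POSTs to WordPress admin endpoints whose Referer is missing or cross-site. The site hostname, the endpoint list and the four log lines are constructed for the example.

```php
<?php
/**
 * Added detection example, not from the advisory. Scans Apache/nginx
 * "combined" access-log lines for POSTs to WordPress admin endpoints whose
 * Referer is absent or from another host. $siteHost, the endpoint patterns
 * and the sample lines are constructed; adjust them to your install.
 */

$siteHost = 'shop.example.com'; // hypothetical site hostname

// Endpoints WordPress plugins typically register state-changing handlers on.
$adminEndpoints = [
    '#^/wp-admin/admin-post\.php#',
    '#^/wp-admin/admin-ajax\.php#',
    '#^/wp-admin/admin\.php\?page=#',
];

// combined: host ident user [time] "METHOD path proto" status bytes "referer" "ua"
function parseCombinedLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return [
        'ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
        'path' => $m[4], 'status' => (int) $m[5], 'referer' => $m[6],
    ];
}

// Returns null for requests that need no attention, otherwise a verdict label.
function classify(array $req, string $siteHost, array $endpoints): ?string
{
    if ($req['method'] !== 'POST') {
        return null; // CSRF against these handlers is a POST; GETs are noise here
    }
    $targeted = false;
    foreach ($endpoints as $re) {
        if (preg_match($re, $req['path'])) { $targeted = true; break; }
    }
    if (!$targeted) {
        return null;
    }
    $ref = $req['referer'];
    if ($ref === '' || $ref === '-') {
        // Legitimate under Referrer-Policy: no-referrer, so review rather than block.
        return 'no-referer';
    }
    $host = parse_url($ref, PHP_URL_HOST);
    if ($host === null || $host === false) {
        return 'bad-referer';
    }
    return strcasecmp($host, $siteHost) === 0 ? null : 'cross-site-referer';
}

// Constructed sample lines: a same-site save, a cross-site save, an AJAX POST
// with no Referer, and an unrelated GET.
$sample = [
    '203.0.113.5 - - [10/May/2026:12:00:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://shop.example.com/wp-admin/admin.php?page=rm" "Mozilla/5.0"',
    '203.0.113.5 - - [10/May/2026:12:00:07 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://evil.example.net/claim-prize.html" "Mozilla/5.0"',
    '198.51.100.9 - - [10/May/2026:12:00:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 44 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/May/2026:12:00:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2345 "https://evil.example.net/" "Mozilla/5.0"',
];

foreach ($sample as $line) {
    $req = parseCombinedLine($line);
    if ($req === null) {
        fwrite(STDERR, "unparsed: $line\n");
        continue;
    }
    $verdict = classify($req, $siteHost, $adminEndpoints);
    if ($verdict !== null) {
        printf("%-18s %s %s %s referer=%s\n",
            $verdict, $req['ip'], $req['time'], $req['path'], $req['referer']);
    }
}
```

On the sample input only the second line (cross-site-referer) and the third (no-referer) are reported; the first is same-site and the fourth is a GET. Treat no-referer as a triage queue rather than an alert, since privacy extensions and Referrer-Policy headers suppress Referer legitimately, and note that the same cross-site Referer on a 302 response does not tell you whether the handler actually acted; correlate with the plugin's own audit trail or option changes.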

Compensating Controls: A Web Application Firewall (WAF) is only a partial control against CSRF, because the forged request arrives from a legitimate user's browser with valid session cookies and cannot be distinguished by source or payload alone. What a WAF can do is reject state-changing requests to WordPress admin endpoints whose Origin or Referer does not match the site, with an allowance for clients that legitimately omit Referer. Modern browsers default session cookies to SameSite=Lax, which blocks cookies on most cross-site POSTs but not all, so do not rely on that alone.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The high CVSS score of 8.8 underscores the necessity for prompt mitigation. Administrators should prioritize updating this plugin immediately. If no fixed release is available, deactivate or remove the plugin until one is; a deactivated plugin's code is not loaded, so its admin-post and AJAX handlers are no longer reachable, at the cost of the registration forms it provides on the site.