{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T17:20:27.713","vulnerabilities":[{"cve":{"id":"CVE-2025-15403","sourceIdentifier":"security@wordfence.com","published":"2026-01-17T03:16:03.693","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to the 'admin_order' setting. This makes it possible for unauthenticated attackers to injecting an empty slug into the order parameter, and manipulate the plugin's menu generation logic, and when the admin menu is subsequently built, the plugin adds 'manage_options' capability for the target role. Note: The vulnerability can only be exploited unauthenticated, but further privilege escalation requires at least a subscriber user."},{"lang":"es","value":"El plugin RegistrationMagic para WordPress es vulnerable a escalada de privilegios en todas las versiones hasta, e incluyendo, la 6.0.7.1. Esto se debe a que la función 'add_menu' es accesible a través de la acción AJAX 'rm_user_exists' y permite actualizaciones arbitrarias a la configuración 'admin_order'. Esto hace posible que atacantes no autenticados inyecten un slug vacío en el parámetro de orden, y manipulen la lógica de generación de menú del plugin, y cuando el menú de administración se construye posteriormente, el plugin añade la capacidad 'manage_options' para el rol objetivo. Nota: La vulnerabilidad solo puede ser explotada sin autenticación, pero una escalada de privilegios adicional requiere al menos un usuario suscriptor."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/admin/class_rm_admin.php#L487","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/admin/controllers/class_rm_options_controller.php#L562","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3440797/custom-registration-form-builder-with-submission-manager#file2","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/68dd9f6f-ccee-4a27-bd21-2fb32b92cc62?source=cve","source":"security@wordfence.com"}]}}]}