Description
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
Published: 2026-03-13
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Upgrade Now
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Metagauss RegistrationMagic WordPress plugin. Because security levels are incorrectly configured, an attacker can access submission data and other protected resources. This Unauthorized Access can lead to confidentiality breaches, potentially exposing user personal data. The weakness aligns with CWE-862, which describes missing authorization checks.

Affected Systems

Affected systems include any WordPress installation utilizing Metagauss’ RegistrationMagic plugin with a version of 6.0.7.6 or earlier. The plugin is identified by the vendor asset Metagauss:RegistrationMagic. No specific patch versions are listed in the data, but versions n/a through <= 6.0.7.6 are impacted.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity vulnerability. The EPSS score of <1% suggests that exploitation is unlikely, and the vulnerability is not currently listed in CISA’s KEV catalog. Exploitation would likely involve sending crafted HTTP requests to the plugin’s endpoints without proper authentication. Because the vulnerability stems from incorrect access controls, the attack vector is inferred to be web based. The risk remains present until the plugin is updated or the access controls are remedied.

Generated by OpenCVE AI on March 17, 2026 at 16:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade RegistrationMagic to a version newer than 6.0.7.6 as soon as a patch is released.
  • If an immediate upgrade is not possible, restrict access to the plugin’s submission pages by adjusting WordPress role permissions or using server‑side access controls such as .htaccess.
  • Monitor the vendor’s advisories and the plugin’s changelog for security updates and apply any patches promptly.

Generated by OpenCVE AI on March 17, 2026 at 16:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Metagauss
Metagauss registrationmagic
Wordpress
Wordpress wordpress
Vendors & Products Metagauss
Metagauss registrationmagic
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
Title WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Metagauss Registrationmagic
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:06.776Z

Reserved: 2026-03-12T11:11:04.189Z

Link: CVE-2026-32385

cve-icon Vulnrichment

Updated: 2026-03-16T15:08:28.730Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:53.767

Modified: 2026-03-16T16:16:14.833

Link: CVE-2026-32385

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:04:14Z

Weaknesses