CVE-2024-10508

CRITICAL

RegistrationMagic < 6.0.2.7 - Unauthenticated Privilege Escalation via Password Reset Token Validation Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-10508. PoCs published by Jenderal92, ubaydev.

AI-analyzed exploit summary The repository contains a Python script that scans WordPress sites for the presence of the vulnerable RegistrationMagic plugin (version 6.0.2.6) by checking the readme.txt file. It does not exploit the vulnerability but identifies potentially vulnerable targets.

Description

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.

Exploits (2)

nomisec SCANNER 1 stars

by Jenderal92 · poc

https://github.com/Jenderal92/CVE-2024-10508

View Code ZIP pw:eip

The repository contains a Python script that scans WordPress sites for the presence of the vulnerable RegistrationMagic plugin (version 6.0.2.6) by checking the readme.txt file. It does not exploit the vulnerability but identifies potentially vulnerable targets.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin: RegistrationMagic (version 6.0.2.6)

No auth needed

Prerequisites: List of target URLs

MITRE ATT&CK

T1595 - Active Scanning

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WRITEUP

by ubaydev · poc

https://github.com/ubaydev/CVE-2024-10508

View Code ZIP pw:eip

This repository provides a detailed technical writeup for CVE-2024-10508, an unauthenticated privilege escalation vulnerability in RegistrationMagic WordPress plugin. The vulnerability allows attackers to reset passwords of arbitrary users, including administrators, due to improper validation of password reset tokens.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6

No auth needed

Prerequisites: Knowledge of an administrator-level email address · Password reset page configured by the admin

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Product

https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.2.6/public/controllers/class_rm_login_controller.php#L239

Product

https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.2.6/public/controllers/class_rm_login_controller.php#L241

Patch

https://plugins.trac.wordpress.org/changeset/3181174/custom-registration-form-builder-with-submission-manager/trunk/public/controllers/class_rm_login_controller.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/c4679fa7-be6b-4f50-8cdf-ff9822794f19?source=cve

Scores

CVSS v3 9.8

EPSS 0.0146

EPSS Percentile 70.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-230

Status published

Products (2)

metagauss/registrationmagic < 6.0.2.7

metagauss/RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 6.0.2.6

Published Nov 09, 2024

Tracked Since Feb 18, 2026