CVE-2024-1991

HIGH

RegistrationMagic - Privilege Escalation

Title source: llm
STIX 2.1

Description

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator

Scores

CVSS v3 8.8
EPSS 0.0089
EPSS Percentile 55.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (2)
metagauss/registrationmagic < 5.3.1.0
metagauss/RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 5.3.0.0
Published Apr 09, 2024
Tracked Since Feb 18, 2026