CVE-2023-23976 – This vulnerability in the RegistrationMagic Wor... (How to Fix)

Q: What is the severity of CVE-2023-23976?

CVE-2023-23976 has a CVSS score of 7.5 (HIGH). This vulnerability in the RegistrationMagic WordPress plugin allows attackers to bypass access controls and modify arbitrary prices in forms. It affects all WordPress sites using RegistrationMagic versions up to 5.1.9.2.

📋 TL;DR

This vulnerability in the RegistrationMagic WordPress plugin allows attackers to bypass access controls and modify arbitrary prices in forms. It affects all WordPress sites using RegistrationMagic versions up to 5.1.9.2.

💻 Affected Systems

Products:

RegistrationMagic WordPress Plugin

Versions: n/a through 5.1.9.2

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all WordPress installations with vulnerable RegistrationMagic versions installed and activated.

📦 What is this software?

Registrationmagic by Metagauss

View all CVEs affecting Registrationmagic →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could manipulate payment amounts, potentially leading to financial fraud, unauthorized access to premium features, or data manipulation in registration systems.

🟠

Likely Case

Unauthorized price changes in registration forms, potentially allowing users to pay less than intended or access paid features without proper payment.

🟢

If Mitigated

With proper access controls and monitoring, impact would be limited to attempted unauthorized actions that are logged and blocked.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires some level of access but is technically simple once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.1.9.3 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-custom-registration-forms-user-registration-and-user-login-plugin-plugin-5-1-9-2-arbitrary-price-change

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find RegistrationMagic and click 'Update Now'. 4. Verify update to version 5.1.9.3 or later.

🔧 Temporary Workarounds

Disable RegistrationMagic Plugin

all

Temporarily disable the vulnerable plugin until patching is possible

wp plugin deactivate custom-registration-form-builder-with-submission-manager

Restrict Access to Admin Functions

all

Implement additional access controls for price modification functions

🧯 If You Can't Patch

Implement strict access controls and user role validation for all price modification functions
Enable detailed logging and monitoring of all price change activities and implement alerts for suspicious modifications

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > RegistrationMagic version. If version is 5.1.9.2 or earlier, you are vulnerable.

Check Version:

wp plugin get custom-registration-form-builder-with-submission-manager --field=version

Verify Fix Applied:

Verify RegistrationMagic version is 5.1.9.3 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unauthorized price modification attempts in WordPress logs
Suspicious user activity with price-related functions

Network Indicators:

Unusual POST requests to price modification endpoints
Requests bypassing normal authentication flows

SIEM Query:

source="wordpress" AND (event="price_change" OR event="form_modification") AND user_role!="administrator"

📊 Metadata

CVE ID: CVE-2023-23976

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE: CWE-276

Published: April 24, 2024

Last Updated: February 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-23976, you might also want to check these: