CVE-2024-10508
📋 TL;DR
This vulnerability allows unauthenticated attackers to reset passwords of any WordPress user, including administrators, by exploiting improper token validation in the RegistrationMagic plugin. All WordPress sites using RegistrationMagic versions up to 6.0.2.6 are affected, potentially leading to complete site compromise.
💻 Affected Systems
- RegistrationMagic – User Registration Plugin with Custom Registration Forms
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrative access, install backdoors, steal sensitive data, deface the site, or use it for further attacks.
Likely Case
Administrative account compromise leading to unauthorized content changes, plugin/themes installation, or data exfiltration.
If Mitigated
Limited impact if strong access controls, monitoring, and backup systems are in place to detect and recover from unauthorized changes.
🎯 Exploit Status
The vulnerability requires minimal technical skill to exploit as it involves manipulating password reset functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.0.2.7 or later
Vendor Advisory: https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find RegistrationMagic plugin. 4. Click 'Update Now' if available. 5. Alternatively, download version 6.0.2.7+ from WordPress.org and manually update.
🔧 Temporary Workarounds
Disable RegistrationMagic Plugin
allTemporarily deactivate the vulnerable plugin until patched.
wp plugin deactivate custom-registration-form-builder-with-submission-manager
🧯 If You Can't Patch
- Disable the RegistrationMagic plugin immediately.
- Implement web application firewall rules to block password reset requests targeting the plugin endpoints.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → RegistrationMagic version. If version is 6.0.2.6 or lower, you are vulnerable.Check Version:
wp plugin get custom-registration-form-builder-with-submission-manager --field=versionVerify Fix Applied:
Confirm RegistrationMagic plugin version is 6.0.2.7 or higher in WordPress admin.📡 Detection & Monitoring
Log Indicators:
- Unusual password reset requests, especially for administrative accounts from unfamiliar IPs.
- Multiple failed login attempts followed by successful login from new IP/location.
Network Indicators:
- HTTP POST requests to /wp-content/plugins/custom-registration-form-builder-with-submission-manager/public/controllers/class_rm_login_controller.php with password reset parameters.
SIEM Query:
source="wordpress.log" AND (uri_path="*class_rm_login_controller*" AND method="POST")🔗 References
- https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.2.6/public/controllers/class_rm_login_controller.php#L239
- https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.2.6/public/controllers/class_rm_login_controller.php#L241
- https://plugins.trac.wordpress.org/changeset/3181174/custom-registration-form-builder-with-submission-manager/trunk/public/controllers/class_rm_login_controller.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c4679fa7-be6b-4f50-8cdf-ff9822794f19?source=cve
