CVE-2025-15403 – This vulnerability in the RegistrationMagic Wor... (How to Fix)

Q: What is the severity of CVE-2025-15403?

CVE-2025-15403 has a CVSS score of 9.8 (CRITICAL). This vulnerability in the RegistrationMagic WordPress plugin allows unauthenticated attackers to manipulate menu generation logic, granting administrative capabilities to lower-privileged roles. All WordPress sites using RegistrationMagic versions up to 6.0.7.1 are affected. Attackers can escalate privileges from subscriber to administrator, potentially taking full control of the WordPress site.

📋 TL;DR

This vulnerability in the RegistrationMagic WordPress plugin allows unauthenticated attackers to manipulate menu generation logic, granting administrative capabilities to lower-privileged roles. All WordPress sites using RegistrationMagic versions up to 6.0.7.1 are affected. Attackers can escalate privileges from subscriber to administrator, potentially taking full control of the WordPress site.

💻 Affected Systems

Products:

RegistrationMagic WordPress Plugin

Versions: All versions up to and including 6.0.7.1

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress with RegistrationMagic plugin installed. The vulnerability is exploitable unauthenticated, but full privilege escalation requires at least a subscriber-level user account.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site takeover where attackers gain administrative access, install backdoors, steal sensitive data, deface the site, or use it for further attacks.

🟠

Likely Case

Attackers gain administrative privileges, modify site content, install malicious plugins/themes, and potentially compromise the entire WordPress installation.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to temporary unauthorized access that can be detected and remediated before significant damage occurs.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is well-documented with technical details available. While no public PoC is confirmed, the simplicity of the vulnerability makes weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.7.2 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3440797/custom-registration-form-builder-with-submission-manager#file2

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find RegistrationMagic and click 'Update Now'. 4. Alternatively, download version 6.0.7.2+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable RegistrationMagic Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate custom-registration-form-builder-with-submission-manager

Restrict AJAX Access

linux

Block access to wp-admin/admin-ajax.php for unauthenticated users

# Add to .htaccess for Apache:
<Files "admin-ajax.php">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>
# Add to nginx config:
location ~* /wp-admin/admin-ajax.php {
allow 127.0.0.1;
deny all;
}

🧯 If You Can't Patch

Immediately disable the RegistrationMagic plugin
Implement strict access controls and monitor for suspicious admin user creation

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → RegistrationMagic version. If version is 6.0.7.1 or lower, the site is vulnerable.

Check Version:

wp plugin get custom-registration-form-builder-with-submission-manager --field=version

Verify Fix Applied:

Verify RegistrationMagic version is 6.0.7.2 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual AJAX requests to admin-ajax.php with 'rm_user_exists' action
Sudden privilege escalation of subscriber users to administrators
Unexpected modifications to user roles/capabilities

Network Indicators:

POST requests to /wp-admin/admin-ajax.php with action=rm_user_exists
Unusual spikes in admin-ajax.php traffic from unauthenticated sources

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" AND post_data CONTAINS "rm_user_exists")

📊 Metadata

CVE ID: CVE-2025-15403

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-269

EPSS Score: 0.1% exploit probability (27.8th percentile)

Published: January 17, 2026

Last Updated: January 26, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15403, you might also want to check these: