CVE-2025-24686

7.1 HIGH

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability in the RegistrationMagic WordPress plugin allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability affects all WordPress sites using RegistrationMagic versions up to 6.0.3.3. Attackers can steal session cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users.

💻 Affected Systems

Products:
  • RegistrationMagic (Custom Registration Form Builder with Submission Manager)
Versions: n/a through 6.0.3.3
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable RegistrationMagic plugin versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain full control of the WordPress site, install backdoors, deface the site, or steal sensitive user data including registration information.

🟠 Likely Case

Attackers steal user session cookies to hijack accounts, redirect users to phishing pages, or perform limited actions within the context of authenticated users.

🟢 If Mitigated

With proper input validation and output encoding, malicious scripts are neutralized before reaching users, preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires tricking users into clicking specially crafted links. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.3.4 or later

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/custom-registration-form-builder-with-submission-manager/vulnerability/wordpress-registrationmagic-plugin-6-0-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find RegistrationMagic and click 'Update Now'.
4. Verify that the plugin version is 6.0.3.4 or higher.

🔧 Temporary Workarounds

Input Validation Web Application Firewall Rule

Applies to: all

Configure the WAF to block requests containing suspicious script patterns in RegistrationMagic parameters.

Temporary Plugin Deactivation

Applies to: WordPress

Disable the RegistrationMagic plugin until it is patched, if an immediate update is not possible:

wp plugin deactivate custom-registration-form-builder-with-submission-manager

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Deploy web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin, go to Plugins → Installed Plugins and read the RegistrationMagic version. If the version is 6.0.3.3 or lower, the site is vulnerable.

Check Version:

wp plugin get custom-registration-form-builder-with-submission-manager --field=version

Verify Fix Applied:

After updating, verify RegistrationMagic version shows 6.0.3.4 or higher in WordPress admin panel.
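A scripted form of the check above, added here as an example and not part of the advisory or the plugin: it reads the version string that the quoted wp-cli command prints and compares it numerically against the fixed release 6.0.3.4 (plain string comparison would mis-order versions such as 6.0.10). It assumes wp-cli is on PATH and is run from the WordPress root; the function names and the sample version strings are my own.

```python
"""Version check for CVE-2025-24686 (added example; not part of the advisory or the plugin).

Reads the RegistrationMagic version via the wp-cli command quoted in the advisory and
compares it numerically with the fixed release, so that 6.0.10 sorts after 6.0.3.4.
"""
import re
import subprocess

PLUGIN_SLUG = "custom-registration-form-builder-with-submission-manager"  # slug from the advisory
FIXED_VERSION = "6.0.3.4"  # first fixed release named in the advisory


def parse_version(version: str) -> tuple:
    """Convert '6.0.3.3' into (6, 0, 3, 3). A pre-release suffix such as '-beta1' is ignored."""
    numeric = version.strip().split("-", 1)[0]
    parts = re.findall(r"\d+", numeric)
    if not parts:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed release.

    Tuples are right-padded with zeros so that '6.0.3' compares as 6.0.3.0 (< 6.0.3.4).
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def installed_version() -> str:
    """Run the advisory's wp-cli command (assumes wp-cli on PATH, cwd = WordPress root)."""
    result = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


if __name__ == "__main__":
    version = installed_version()
    state = "VULNERABLE" if is_vulnerable(version) else "patched"
    print(f"RegistrationMagic {version}: {state} (fixed in {FIXED_VERSION})")
```

Run it from the WordPress root after the update; a non-zero exit from wp-cli (plugin not installed, wrong directory) surfaces as a `CalledProcessError` rather than a silent "patched" verdict.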

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET/POST requests to RegistrationMagic endpoints containing script tags or JavaScript code
  • Multiple failed login attempts following suspicious RegistrationMagic requests

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript in RegistrationMagic parameters
  • Unusual redirects from RegistrationMagic pages

SIEM Query:

source="wordpress.log" AND ("registrationmagic" OR "custom-registration-form") AND ("<script>" OR "javascript:" OR "onload=" OR "onerror=")
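The SIEM query above matches the literal strings `<script>`, `javascript:`, `onload=` and `onerror=`, so a request whose payload is URL-encoded (`%3Cscript%3E`) or double-encoded slips past it. The scanner below, an added example that is not part of the advisory or of any detection product, applies the same indicators to web-server access logs after URL-decoding the request target (twice, to catch double encoding) and flags only requests whose path mentions the plugin, mirroring the query's scoping. The log lines are constructed; the plugin's real endpoint paths are not named in the advisory, so the paths here are hypothetical and only reuse the plugin slug.

```python
"""Access-log scanner for reflected-XSS probes against RegistrationMagic (added example).

Applies the advisory's indicators (<script>, javascript:, on*= handlers) to the request
target of each combined-format log line after URL-decoding it, so encoded payloads are
not missed the way a literal-string SIEM match misses them.
"""
import re
from urllib.parse import unquote_plus

# Substrings from the advisory's SIEM query that identify plugin traffic.
PLUGIN_MARKERS = ("registrationmagic", "custom-registration-form")

# Indicators from the advisory, generalised: any on<event>= handler, not only onload=/onerror=.
XSS_INDICATORS = [
    ("script-tag", re.compile(r"<\s*script", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
]

# Apache/Nginx combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines. The paths are hypothetical and only reuse the plugin slug.
PLUGIN_PATH = "/wp-content/plugins/custom-registration-form-builder-with-submission-manager/public"
SAMPLE_LOG = "\n".join([
    f'203.0.113.10 - - [10/Feb/2025:12:00:01 +0000] "GET {PLUGIN_PATH}/ajax.php?form_id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - [10/Feb/2025:12:00:02 +0000] "GET {PLUGIN_PATH}/ajax.php?form_id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - [10/Feb/2025:12:00:03 +0000] "GET {PLUGIN_PATH}/view.php?msg=%256Aavascript%253Aalert(1) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - [10/Feb/2025:12:00:04 +0000] "GET {PLUGIN_PATH}/ajax.php?name=x%22%20onerror%3Dalert(1) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'192.0.2.5 - - [10/Feb/2025:12:00:05 +0000] "GET /wp-login.php?redirect_to=%3Cscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
])


def normalize(target: str, rounds: int = 2) -> str:
    """URL-decode up to `rounds` times (stopping early if nothing changes) and lower-case."""
    decoded = target
    for _ in range(rounds):
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.lower()


def scan_line(line: str):
    """Return a finding dict for a plugin request carrying an XSS indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = normalize(m["target"])
    if not any(marker in target for marker in PLUGIN_MARKERS):
        return None  # same scoping as the SIEM query: only plugin-related requests
    hits = [name for name, pattern in XSS_INDICATORS if pattern.search(target)]
    if not hits:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "method": m["method"],
            "target": m["target"], "indicators": hits}


def scan_log(text: str) -> list:
    """Scan every line of an access log and return the findings in log order."""
    return [f for f in (scan_line(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['ip']} {finding['method']} "
              f"{finding['target']} -> {', '.join(finding['indicators'])}")
```

Of the five constructed lines, the scanner reports three: the plain `<script>` probe, the double-encoded `javascript:` URI that a literal match would miss, and the `onerror=` handler; the benign request and the non-plugin `wp-login.php` request are ignored. Decode before matching wherever the rule lives (log pipeline or WAF), since encoding is exactly what defeats literal-string rules.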
