216.73.216.233

CVE-2025-15403

· Published 17/01/2026 03:16 · Modified 17/01/2026 03:16

Labels: CVE-2025-15403 2026-01-17CVE-2025-15403CWE-269[email protected]

Essential information

Published
17/01/2026 03:16
Modified
17/01/2026 03:16
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to the 'admin_order' setting. This makes it possible for unauthenticated attackers to injecting an empty slug into the order parameter, and manipulate the plugin's menu generation logic, and when the admin menu is subsequently built, the plugin adds 'manage_options' capability for the target role. Note: The vulnerability can only be exploited unauthenticated, but further privilege escalation requires at least a subscriber user.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / registrationmagic cpe:2.3:a:wordpress:registrationmagic:<6.0.7.1:*:*:*:*:wordpress:*:*

References