CVE-2025-15403

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to the 'admin_order' setting. This makes it possible for unauthenticated attackers to injecting an empty slug into the order parameter, and manipulate the plugin's menu generation logic, and when the admin menu is subsequently built, the plugin adds 'manage_options' capability for the target role. Note: The vulnerability can only be exploited unauthenticated, but further privilege escalation requires at least a subscriber user.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/admin/class_rm_admin.php#L487
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/admin/controllers/class_rm_options_controller.php#L562
https://plugins.trac.wordpress.org/changeset/3440797/custom-registration-form-builder-with-submission-manager#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/68dd9f6f-ccee-4a27-bd21-2fb32b92cc62?source=cve

Configurations

No configuration.

History

17 Jan 2026, 03:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-17 03:16

Updated : 2026-01-26 15:05

NVD link : CVE-2025-15403

Mitre link : CVE-2025-15403

CVE.ORG link : CVE-2025-15403

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

9.8 /10