Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

CVE-2026-9242

PUBLISHED 29.06.2026

CNA: Wordfence

RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request

Обновлено: 27.06.2026
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN `callback` handler being registered as a nopriv AJAX action with no authentication or nonce requirement, and critically because the handler updates the payment log database row with attacker-controlled POST data — including `payment_status` and the `custom` field encoding the target `user_id` — before PayPal IPN validation is performed, meaning the database remains poisoned even when validation subsequently fails. This makes it possible for unauthenticated attackers to authenticate as any WordPress user, including administrators, by submitting a forged IPN request that overwrites a payment log entry's `user_id` with that of a target account, then visiting the success return URL with a legitimately obtained security hash to cause the plugin to issue real WordPress authentication cookies for the targeted account.

CWE

Идентификатор Описание
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

CVSS

Оценка Severity Версия Базовый вектор
5.3 MEDIUM 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Доп. Информация

Product Status

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Product: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Vendor: metagauss
Default status: unaffected
Версии:
Затронутые версии Статус
Наблюдалось до версии 6.0.8.6 affected
 

Ссылки

https://www.wordfence.com/threat-intel/vulnerabilities/id/1dcf68fd-e9d3-4a46-8bd4-15c2598b91fe?source=cve
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/services/class...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.8.4/service...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/public/class_r...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.8.4/public/...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/services/class...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.8.4/service...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/includes/class...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.8.4/include...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.8.1/service...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.8.1/public/...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.8.1/service...
https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.8.1/include...
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3532900%40custom-registration-form-buil...

CISA ADP Vulnrichment

Обновлено: 29.06.2026
Этот блок содержит дополнительную информацию, предоставленную программой CVE для этой уязвимости.

SSVC

Exploitation Automatable Technical Impact Версия Дата доступа
none yes partial 2.0.3 29.06.2026

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.