RegistrationMagic Exposes Sensitive Data to Authorized Users

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.3

RegistrationMagic Exposes Sensitive Data to Authorized Users

CVE-2025-15520

Summary

The RegistrationMagic WordPress plugin has a security issue that allows users with certain permissions to see information they shouldn't. This affects plugin versions before 6.0.7.2. To fix this, update to the latest version.

Original title

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.

Original description

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.

nvd CVSS3.1 4.3

https://wpscan.com/vulnerability/996f1c93-4b28-4cec-9d7c-fb66d0addabc/

Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026