Description

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.

PUBLISHED Reserved 2026-01-13 | Published 2026-02-13 | Updated 2026-02-13 | Assigner WPScan

Problem types

CWE-200 Information Exposure

Product status

Default status: unaffected

Any version before 6.0.7.2: affected

Credits

bRpsd (finder)

WPScan (coordinator)

References

wpscan.com/...rability/996f1c93-4b28-4cec-9d7c-fb66d0addabc/ exploit vdb-entry technical-description

cve.org (CVE-2025-15520)

nvd.nist.gov (CVE-2025-15520)
