Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin

On February 26th, 2024, during the second Wordfence Bug Bounty Extravaganza, a submission was received for a Privilege Escalation vulnerability in RegistrationMagic, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an authenticated attacker to grant themselves administrative privileges by updating their own user role.

Props to Krzysztof Zając who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $1,313.00 for this discovery during our Bug Bounty Program Extravaganza.

Users of paid versions of Wordfence received a firewall rule to protect against any exploits targeting this vulnerability on February 28, 2024. Sites using the free version of Wordfence received the same protection on March 29, 2024.

Wordfence contacted Metagauss on February 29, 2024, and received a response on March 4, 2024. After providing full disclosure details, the developer released a patch on March 11, 2024. We would like to commend Metagauss for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of RegistrationMagic, which is version 5.3.1.0 as of the date of this post, as soon as possible.

Source and more details: https://www.wordfence.com/blog/2024/03/1313-bounty-awarded-for-privilege-escalation-vulnerability-patched-in-registrationmagic-wordpress-plugin
