CVE-2025-15520 PUBLISHED

RegistrationMagic <= 6.0.7.2 - Subscriber+ Sensitive Data Disclosure

Assigner: WPScan
Reserved: 13.01.2026 Published: 13.02.2026 Updated: 13.02.2026

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.

Product Status

Vendor	Unknown
Product	RegistrationMagic
Versions	Default: unaffected affected from 0 to 6.0.7.2 (excl.)

Credits

bRpsd finder
WPScan coordinator

References

https://wpscan.com/vulnerability/996f1c93-4b28-4cec-9d7c-fb66d0addabc/

Problem Types

CWE-200 Information Exposure CWE