MalCare’s Atomic Security Outsmarts RegistrationMagic Privilege Escalation Vulnerability


MalCare’s Atomic Security has emerged as the only firewall that protects against attacks exploiting a vulnerability found in the popular RegistrationMagic plugin. In fact, the attacks were blocked even before the vulnerability was discovered.

This shows the efficacy of a WordPress-specific firewall solution like Atomic Security in safeguarding WordPress sites. 

What is the vulnerability?

Plugin information

  • Vulnerable plugin version: v5.3.0.0 and earlier
  • Patch release version: v5.3.1.0 and later

About the vulnerability

RegistrationMagic is a popular form builder plugin for WordPress, with an active install count of over 10,000. It helps create custom forms, for use cases like user registration, user management, payment acceptance, submission tracking, and much more.

The RegistrationMagic plugin is vulnerable to privilege escalation due to improper usage of the update_users_role() function in v5.3.0.0 and earlier. 

This function is used to change the role of users on the site. Typically, a capability check is added to determine which user roles are allowed to modify user roles for themselves and others. However, because this capability check was missing, authenticated users with subscriber-level access and above could potentially escalate their privileges to that of an administrator.

This means that a hacker only has to register as a subscriber to eventually take over the entire site. Consequently, this vulnerability has been assigned a CVSS score of 8.8 (High).
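The missing-capability-check pattern described above, shown beside a hardened form. This is an added example, not RegistrationMagic's code or its patch; the action names, nonce action and request fields are hypothetical.

```php
<?php
// Added illustration: hypothetical handlers, not RegistrationMagic's code.
// Action names, the nonce action and the request fields are assumptions.

// BEFORE: wp_ajax_* hooks fire for every logged-in user, subscribers included.
add_action( 'wp_ajax_example_set_role_unsafe', function () {
    $user = get_userdata( absint( $_POST['user_id'] ?? 0 ) );
    if ( $user ) {
        // No capability check: the caller's own privileges are never consulted.
        $user->set_role( sanitize_key( $_POST['role'] ?? '' ) );
    }
    wp_send_json_success();
} );

// AFTER: verify intent (nonce), authority (capability) and the requested role.
add_action( 'wp_ajax_example_set_role', function () {
    // Rejects requests that do not carry a nonce issued for this action.
    check_ajax_referer( 'example_set_role' );

    $user_id = absint( $_POST['user_id'] ?? 0 );
    $role    = sanitize_key( wp_unslash( $_POST['role'] ?? '' ) );

    // Meta capability: may the current user change this particular user's role?
    if ( ! current_user_can( 'promote_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Accept only roles the caller is allowed to assign.
    // get_editable_roles() is available here because admin-ajax.php loads
    // wp-admin/includes/admin.php.
    if ( ! array_key_exists( $role, get_editable_roles() ) ) {
        wp_send_json_error( 'invalid role', 400 );
    }

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }

    $user->set_role( $role );
    wp_send_json_success();
} );
```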

However, MalCare’s dynamic Atomic Security firewall stayed ahead throughout this whole development. Empowered by deep WordPress insights, it instantly updated itself to shield against the RegistrationMagic vulnerability, so that our users always enjoy uninterrupted, ironclad protection.

The vulnerability has now been fixed with the release of RegistrationMagic v5.3.1.0 on March 11, 2024.

Who discovered this vulnerability?

The vulnerability in the RegistrationMagic plugin was discovered by Krzysztof Zając on February 26, 2024. Subsequently, the plugin developer Metagauss was informed about this vulnerability on March 5, 2024, and a patch was released on March 11, 2024.

How is your WordPress site at risk?

Your WordPress site is at risk if it runs the RegistrationMagic plugin v5.3.0.0 or earlier.
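A triage check for the condition above, written as an added example (not MalCare's or the plugin's own tooling) to be run inside WordPress, for instance with `wp eval-file`. It assumes the plugin's "Plugin Name" header contains "RegistrationMagic"; the helper name and constant are hypothetical.

```php
<?php
// Added triage sketch; run inside WordPress, e.g. `wp eval-file triage.php`.
// Assumption: the plugin's "Plugin Name" header contains "RegistrationMagic".
require_once ABSPATH . 'wp-admin/includes/plugin.php';

define( 'RM_FIXED_VERSION', '5.3.1.0' ); // patch release named in this article

// Return [ plugin file => installed version ] for installs older than the fix.
function rm_find_exposed_installs( array $plugins ) {
    $exposed = array();
    foreach ( $plugins as $file => $data ) {
        if ( false === stripos( $data['Name'] ?? '', 'RegistrationMagic' ) ) {
            continue;
        }
        if ( version_compare( $data['Version'] ?? '0', RM_FIXED_VERSION, '<' ) ) {
            $exposed[ $file ] = $data['Version'];
        }
    }
    return $exposed;
}

$exposed = rm_find_exposed_installs( get_plugins() );
if ( empty( $exposed ) ) {
    echo "No RegistrationMagic install older than " . RM_FIXED_VERSION . " found.\n";
}
foreach ( $exposed as $file => $version ) {
    printf( "EXPOSED: %s is at %s, update to %s or later\n", $file, $version, RM_FIXED_VERSION );
}

// List every administrator for manual review against the expected staff list.
// A promoted subscriber keeps its original registration date, so review all
// entries, not only the most recent ones.
$admins = get_users( array(
    'role'    => 'administrator',
    'orderby' => 'registered',
    'order'   => 'DESC',
) );
foreach ( $admins as $u ) {
    printf( "%d\t%s\t%s\t%s\n", $u->ID, $u->user_login, $u->user_email, $u->user_registered );
}
```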

Imagine you’ve tightly locked up every door and window in your house but accidentally left the back door wide open. That’s roughly what has happened with this vulnerability in the RegistrationMagic plugin. It’s a bit like inviting trouble in without knowing it.

To put it simply, a regular user could give themselves the keys to your online kingdom, escalating to an administrator role without your permission.

However, this isn’t just about a user getting unauthorized access; it’s about the entirety of your site being at the mercy of anyone who discovers this loophole. The potential for damage is significant, akin to an intruder having free rein in your house. With administrator access, they can lock you out of your website and:

  • Turn your website into a troublemaker online, messing with other websites and maybe even getting you in trouble with Google;
  • Take over your site to mine for cryptocurrency, which could make it super slow or even crash;
  • Send your site visitors loads of annoying or tricky emails, which would make them not trust your site anymore;
  • Redirect your site visitors to some really bad websites instead;
  • Leave a sneaky way to get back into your site anytime they want, even if you thought you fixed everything;
  • Ruin your site so much that you’d have to start over, hoping you saved a copy of your site from before the mess.

Hence, we advise you to address this vulnerability right now! It will not only protect your site but safeguard your reputation and your visitors’ trust as well.

So how did Atomic Security do it?

MalCare’s Atomic Security is an ever-learning firewall that comes with a constantly updated set of rules. These rules are formulated by analyzing thousands and thousands of individual WordPress websites for vulnerabilities, the root cause of all hacks. By combining these learnings with our more than a decade of experience in the WordPress ecosystem, we created custom firewall rules to block all privilege escalation attacks, including ones that exploit the RegistrationMagic vulnerability. This means that MalCare users are never caught off guard when such vulnerabilities pop up, which they often do.

And that is not all! Atomic Security is designed to intelligently repel all other types of cyber attacks, such as XSS and RCE. It is built from the ground up to reflect our firm belief that WordPress sites should never get hacked.

What are some other ways in which MalCare protects your site?

Think of MalCare as not just a simple firewall but a full-on protection squad for your WordPress site. But it does a lot more than just stand watch. Here’s the scoop:

  • It’s like having a daily doctor’s visit for your website, where it looks around to catch any bad stuff trying to sneak in early.
  • Ran into some nasty software trying to mess with your site? No sweat. MalCare comes with a powerful cleaner to kick out that unwanted stuff.
  • Got a problem in your plugins or themes? MalCare won’t keep it a secret. It tells you right away so you can fix it quickly.
  • Fed up with bots slowing your site down? MalCare steps in with strong defenses that not only keep them out but also make your site run faster.
  • And for that extra bit of comfort, MalCare offers automatic backups stored safely away from your site, so you’re always one step ahead, never losing your hard work.


