CVE-2025-15520

EUVD-2025-207002
The RegistrationMagic  WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
References
https://wpscan.com/vulnerability/996f1c93-4b28-4cec-9d7c-fb66d0addabc/