CVE-2025-15403: CWE-269 Improper Privilege Management in metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
CVE-2025-15403 is a critical privilege escalation vulnerability in the WordPress plugin RegistrationMagic (all versions up to and including 6.0.7.1). It arises from improper privilege management in the 'add_menu' function, reachable through the 'rm_user_exists' AJAX action, which allows unauthenticated attackers to manipulate the admin menu generation logic. Exploitation enables attackers to escalate privileges by injecting an empty slug into the order parameter, granting the 'manage_options' capability to a target role. While the initial step requires no authentication, completing the privilege escalation demands at least subscriber-level access. The vulnerability has a CVSS score of 9.8, indicating critical severity with high impact on confidentiality, integrity, and availability. No known public exploits exist yet.
AI Analysis
Technical Summary
CVE-2025-15403 is a critical vulnerability affecting the RegistrationMagic WordPress plugin, which manages custom registration forms, user registration, payment, and login functionalities. The root cause is improper privilege management (CWE-269) in the 'add_menu' function, which is exposed through the 'rm_user_exists' AJAX action. This function allows unauthenticated attackers to manipulate the 'admin_order' setting by injecting an empty slug into the order parameter. This manipulation alters the plugin's menu generation logic, causing the plugin to assign the 'manage_options' capability—normally reserved for administrators—to a target user role. Initially, attackers can exploit this vulnerability without authentication to influence menu settings, but to fully escalate privileges and gain administrative rights, they must have at least subscriber-level access. The vulnerability impacts all versions up to and including 6.0.7.1 of RegistrationMagic. The CVSS 3.1 score of 9.8 reflects the vulnerability's ease of exploitation (network vector, no authentication required for initial step), and its severe impact on confidentiality, integrity, and availability of affected WordPress sites. Although no public exploits have been reported yet, the vulnerability's nature makes it a prime target for attackers aiming to gain administrative control over WordPress sites using this plugin. The lack of available patches at the time of disclosure increases the urgency for mitigation.
Potential Impact
For European organizations, this vulnerability poses a significant risk to WordPress-based websites utilizing the RegistrationMagic plugin. Successful exploitation can lead to unauthorized administrative access, allowing attackers to modify site content, steal sensitive user data, inject malicious code, or disrupt services. This can result in data breaches violating GDPR regulations, reputational damage, financial losses, and potential legal consequences. Organizations with subscriber-level users are particularly vulnerable to full privilege escalation. Given the widespread use of WordPress across Europe for business, government, and e-commerce sites, the impact could be extensive. Attackers exploiting this vulnerability could compromise multiple sites, leading to widespread service disruption and data exposure. The critical severity and network-based exploitation vector make this a high-priority threat for European entities relying on this plugin.
Mitigation Recommendations
Immediate mitigation involves updating the RegistrationMagic plugin to a patched version once available. Until a patch is released, organizations should implement the following specific measures:
1) Restrict access to the 'rm_user_exists' AJAX action by applying web application firewall (WAF) rules to block or rate-limit suspicious requests targeting this endpoint.
2) Harden WordPress user roles by minimizing subscriber-level accounts and reviewing role capabilities to limit privilege escalation opportunities.
3) Disable or remove the RegistrationMagic plugin if it is not essential, to reduce attack surface.
4) Monitor WordPress logs and AJAX request patterns for unusual activity related to the 'rm_user_exists' or 'add_menu' functions.
5) Employ intrusion detection systems to alert on privilege escalation attempts.
6) Enforce multi-factor authentication (MFA) for all administrative accounts to mitigate impact if privilege escalation occurs.
7) Regularly back up WordPress sites to enable rapid recovery in case of compromise.
These targeted actions go beyond generic advice and address the specific attack vectors and exploitation methods of this vulnerability.
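The following must-use plugin is an added example of measures 1, 2 and 4 above; it is not RegistrationMagic code and does not come from the advisory. It assumes that legitimate username-availability checks from the registration form never send an 'order' parameter to 'rm_user_exists', and that no role other than 'administrator' should ever hold 'manage_options' on the site.

```php
<?php
/**
 * Plugin Name: RM Interim Hardening (added example, not RegistrationMagic code)
 * Install by copying this file into wp-content/mu-plugins/.
 */

// Measure 1/4: short-circuit unauthenticated 'rm_user_exists' requests that carry an
// 'order' parameter, and log the source. Assumption: the registration form's own
// username check never sends 'order', so only the menu-manipulation path is blocked.
// Priority 0 runs before the plugin's handler; wp_send_json_error() ends the request.
add_action( 'wp_ajax_nopriv_rm_user_exists', function () {
    if ( isset( $_REQUEST['order'] ) ) {
        $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        error_log( "rm-hardening: blocked unauthenticated rm_user_exists with 'order' from {$ip}" );
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
}, 0 );

// Measure 2: return every non-administrator role that currently holds 'manage_options'.
// An empty array means no role has been escalated; anything else is an incident.
function rm_hardening_roles_with_manage_options() {
    $escalated = array();
    foreach ( wp_roles()->role_objects as $name => $role ) {
        if ( 'administrator' !== $name && $role->has_cap( 'manage_options' ) ) {
            $escalated[] = $name;
        }
    }
    return $escalated;
}

// Run the audit on every admin and admin-ajax request and write a loud log line on a hit,
// so the IDS/log pipeline from measure 5 has something concrete to alert on.
add_action( 'admin_init', function () {
    $hits = rm_hardening_roles_with_manage_options();
    if ( ! empty( $hits ) ) {
        error_log( 'rm-hardening ALERT: manage_options held by non-admin role(s): ' . implode( ', ', $hits ) );
    }
} );
```

If the audit reports a role, remove the capability with `get_role( $name )->remove_cap( 'manage_options' )` only after confirming the site's legitimate configuration never granted it, and treat the hit as a compromise indicator.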
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-12-31T17:02:01.026Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696af5b4b22c7ad8685027bd
Added to database: 1/17/2026, 2:36:36 AM
Last enriched: 1/17/2026, 2:50:57 AM
Last updated: 1/17/2026, 4:01:51 AM