CVE-2026-32498
WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerabilityMissing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
We have discovered 1,388 live websites that are affected by CVE-2026-32498.
Affected Software
| Product |  Custom Registration Form Builder With Submission Manager |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1,388 live websites (73% of Custom Registration Form Builder With Submission Manager install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 182 versions ( 97% of all versions) |
Details
- Published - Mar 25, 2026
- Updated - Apr 29, 2026
Credits
- Supakiad S. (m3ez) | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-32498 United States | 508 websites |
 Germany | 111 websites |
 Italy | 107 websites |
 France | 66 websites |
 GB | 64 websites |
 Canada | 33 websites |
 South Africa | 33 websites |
 India | 30 websites |
 Spain | 30 websites |
 Netherlands | 28 websites |
Website Distribution by TLD
Number of websites using CVE-2026-32498| .com | 553 websites |
| .org | 167 websites |
| .it | 82 websites |
| .de | 47 websites |
| .net | 44 websites |
| .co.uk | 30 websites |
| .eu | 22 websites |
| .pl | 21 websites |
| .nl | 21 websites |
| .ca | 17 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-32498
Top websites that are affected by CVE-2026-32498. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.edu | United States | **,*** | |
| *********.com | United States | ***,*** | |
| *****.***.ec |  Ecuador | ***,*** | |
| *************.com | Germany | ***,*** | |
| ********.***.in | India | ***,*** | |
| ***********.org | United States | ***,*** | |
| *******.com | France | ***,*** | |
| ******.org | United States | ***,*** | |
| **************.com | United States | ***,*** | |
| ********.**.id |  Indonesia | ***,*** |
FAQ
A total of 1,388 websites have been identified as vulnerable to CVE-2026-32498, based on global website indexing conducted by WebTechSurvey.
The Custom Registration Form Builder With Submission Manager is affected by the CVE-2026-32498 vulnerability.
Custom Registration Form Builder With Submission Manager versions up to and including 6.0.7.6 are vulnerable to CVE-2026-32498.