VYPR

Custom Registration Form Builder With Submission Manager

by WordPress

Source repositories

CVEs (9)

  • CVE-2026-49764CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.

  • CVE-2025-15403CriJan 17, 2026
    risk 0.57cvss 9.8epss 0.00

    The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to the 'admin_order' setting.…

  • CVE-2026-24373HigMar 25, 2026
    risk 0.53cvss 8.1epss 0.00

    Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.

  • CVE-2025-11204HigOct 8, 2025
    risk 0.40cvss 7.2epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2026-24374MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.

  • CVE-2025-13610MedDec 15, 2025
    risk 0.35cvss 6.4epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RM_Forms' shortcode in all versions up to, and including, 6.0.6.7 due to insufficient input…

  • CVE-2025-2836MedApr 4, 2025
    risk 0.35cvss 6.4epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘payment_method’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input…

  • CVE-2026-1054MedJan 28, 2026
    risk 0.27cvss 5.3epss 0.00

    The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible for unauthenticated…

  • CVE-2020-9454Mar 6, 2020
    risk 0.00cvss epss 0.01

    A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and…