VYPR

Registrationmagic

by Registrationmagic

Source repositories

CVEs (13)

  • CVE-2025-15403CriJan 17, 2026
    risk 0.57cvss 9.8epss 0.00

    The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to the 'admin_order' setting.…

  • CVE-2025-11204HigOct 8, 2025
    risk 0.40cvss 7.2epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2025-13610MedDec 15, 2025
    risk 0.35cvss 6.4epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RM_Forms' shortcode in all versions up to, and including, 6.0.6.7 due to insufficient input…

  • CVE-2025-2836MedApr 4, 2025
    risk 0.35cvss 6.4epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘payment_method’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input…

  • CVE-2026-0929MedFeb 16, 2026
    risk 0.28cvss 4.3epss 0.00

    The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site.

  • CVE-2025-15520MedFeb 13, 2026
    risk 0.28cvss 4.3epss 0.00

    The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.

  • CVE-2025-14444MedFeb 18, 2026
    risk 0.27cvss 5.3epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and…

  • CVE-2026-1054MedJan 28, 2026
    risk 0.27cvss 5.3epss 0.00

    The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible for unauthenticated…

  • CVE-2021-4073Dec 14, 2021
    risk 0.05cvss epss 0.07

    The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the…

  • CVE-2017-20208Oct 18, 2025
    risk 0.00cvss epss 0.01

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expired_by_date() function.…

  • CVE-2024-9390May 15, 2025
    risk 0.00cvss epss 0.00

    The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2024-39643Aug 1, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1.

  • CVE-2023-25991Mar 13, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions.