VYPR

Registrationmagic

by WordPress

CVEs (39)

  • CVE-2023-2548MedMay 16, 2023
    risk 0.43cvss 6.6epss 0.01

    The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This…

  • CVE-2025-11204HigOct 8, 2025
    risk 0.40cvss 7.2epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2021-24648MedFeb 1, 2022
    risk 0.40cvss 6.1epss 0.01

    The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting

  • CVE-2020-8436MedMar 12, 2020
    risk 0.40cvss 6.1epss 0.01

    XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.

  • CVE-2024-39643MedAug 1, 2024
    risk 0.38cvss 5.8epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1.

  • CVE-2025-2836MedApr 4, 2025
    risk 0.35cvss 6.4epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘payment_method’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input…

  • CVE-2023-25991MedMar 13, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions.

  • CVE-2023-51544MedJun 4, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0.

  • CVE-2023-51543MedJun 4, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.2.5.0.

  • CVE-2023-23989MedApr 24, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2.

  • CVE-2024-9390MedMay 15, 2025
    risk 0.31cvss 4.8epss 0.00

    The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2026-0929MedFeb 16, 2026
    risk 0.28cvss 4.3epss 0.00

    The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site.

  • CVE-2025-15520MedFeb 13, 2026
    risk 0.28cvss 4.3epss 0.00

    The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above.

  • CVE-2024-43317MedAug 19, 2024
    risk 0.28cvss 4.3epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).This issue affects RegistrationMagic: from n/a through 6.0.1.0.

  • CVE-2024-25935MedApr 11, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9.

  • CVE-2024-2951MedMar 26, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.3.0.0.

  • CVE-2023-47645MedNov 30, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User…

  • CVE-2020-9455MedMar 6, 2020
    risk 0.28cvss 4.3epss 0.01

    The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.

  • CVE-2025-14444MedFeb 18, 2026
    risk 0.27cvss 5.3epss 0.00

    The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and…

Page 2 of 2