Metagauss

Registrationmagic

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-32498

  • EPSS 0.04%
  • Veröffentlicht 25.03.2026 16:14:59
  • Zuletzt bearbeitet 30.03.2026 13:27:12

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through...

8.1

CVE-2026-24373

  • EPSS 0.05%
  • Veröffentlicht 25.03.2026 16:14:32
  • Zuletzt bearbeitet 30.03.2026 13:27:12

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.

5.4

CVE-2026-32385

  • EPSS 0.04%
  • Veröffentlicht 13.03.2026 11:42:09
  • Zuletzt bearbeitet 16.03.2026 16:16:14

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through...

5.3

CVE-2025-14444

  • EPSS 0.01%
  • Veröffentlicht 18.02.2026 10:20:47
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in a...

5.3

CVE-2026-1054

  • EPSS 0.09%
  • Veröffentlicht 28.01.2026 07:27:35
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible...

5.4

CVE-2026-24374

  • EPSS 0.02%
  • Veröffentlicht 22.01.2026 16:52:45
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.

9.8

CVE-2025-15403

  • EPSS 0.15%
  • Veröffentlicht 17.01.2026 02:22:32
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to ...

6.4

CVE-2025-13610

  • EPSS 0.04%
  • Veröffentlicht 15.12.2025 14:25:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RM_Forms' shortcode in all versions up to, and including, 6.0.6.7 due to...

9.8

CVE-2017-20208

Medienbericht
  • EPSS 0.54%
  • Veröffentlicht 18.10.2025 03:33:25
  • Zuletzt bearbeitet 19.12.2025 22:15:11

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expi...

7.2

CVE-2025-11204

  • EPSS 0.12%
  • Veröffentlicht 08.10.2025 04:23:40
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied paramete...