Metagauss

Registrationmagic

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-14444

  • EPSS 0.01%
  • Veröffentlicht 18.02.2026 10:20:47
  • Zuletzt bearbeitet 18.02.2026 17:51:53

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in a...

5.3

CVE-2026-1054

  • EPSS 0.09%
  • Veröffentlicht 28.01.2026 07:27:35
  • Zuletzt bearbeitet 29.01.2026 16:31:35

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible...

5.4

CVE-2026-24374

  • EPSS 0.02%
  • Veröffentlicht 22.01.2026 16:52:45
  • Zuletzt bearbeitet 26.01.2026 15:04:14

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.

9.8

CVE-2025-15403

  • EPSS 0.14%
  • Veröffentlicht 17.01.2026 02:22:32
  • Zuletzt bearbeitet 26.01.2026 15:05:39

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to ...

6.4

CVE-2025-13610

  • EPSS 0.04%
  • Veröffentlicht 15.12.2025 14:25:10
  • Zuletzt bearbeitet 15.12.2025 18:22:13

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RM_Forms' shortcode in all versions up to, and including, 6.0.6.7 due to...

9.8

CVE-2017-20208

Medienbericht
  • EPSS 0.33%
  • Veröffentlicht 18.10.2025 03:33:25
  • Zuletzt bearbeitet 19.12.2025 22:15:11

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expi...

7.2

CVE-2025-11204

  • EPSS 0.08%
  • Veröffentlicht 08.10.2025 04:23:40
  • Zuletzt bearbeitet 08.10.2025 19:38:09

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied paramete...

4.8

CVE-2024-9390

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:16:00
  • Zuletzt bearbeitet 04.06.2025 20:07:00

The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ...

6.4

CVE-2025-2836

  • EPSS 0.23%
  • Veröffentlicht 04.04.2025 05:22:45
  • Zuletzt bearbeitet 07.04.2025 14:18:15

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘payment_method’ parameter in all versions up to, and including, 6.0.4.3 due to in...

6.1

CVE-2025-24686

  • EPSS 0.09%
  • Veröffentlicht 31.01.2025 09:15:11
  • Zuletzt bearbeitet 04.02.2025 15:51:54

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMagic allows Reflected XSS. This issue affects RegistrationMagic: from n/a through 6.0.3.3.