Metagauss

Registrationmagic

46 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-9242

  • EPSS -
  • Veröffentlicht 27.06.2026 06:50:56
  • Zuletzt bearbeitet 27.06.2026 06:50:56

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. ...

9.8

CVE-2026-49764

  • EPSS 0.4%
  • Veröffentlicht 15.06.2026 20:19:23
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.

7.5

CVE-2026-32498

  • EPSS 0.29%
  • Veröffentlicht 25.03.2026 16:14:59
  • Zuletzt bearbeitet 24.04.2026 16:35:20

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through...

8.1

CVE-2026-24373

  • EPSS 0.38%
  • Veröffentlicht 25.03.2026 16:14:32
  • Zuletzt bearbeitet 24.04.2026 16:32:53

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.

5.4

CVE-2026-32385

  • EPSS 0.22%
  • Veröffentlicht 13.03.2026 11:42:09
  • Zuletzt bearbeitet 22.04.2026 21:30:26

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through...

5.3

CVE-2025-14444

  • EPSS 0.22%
  • Veröffentlicht 18.02.2026 10:20:47
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in a...

5.3

CVE-2026-1054

  • EPSS 0.23%
  • Veröffentlicht 28.01.2026 07:27:35
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. This makes it possible...

5.4

CVE-2026-24374

  • EPSS 0.1%
  • Veröffentlicht 22.01.2026 16:52:45
  • Zuletzt bearbeitet 28.04.2026 15:16:07

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.

9.8

CVE-2025-15403

  • EPSS 0.46%
  • Veröffentlicht 17.01.2026 02:22:32
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to ...

6.4

CVE-2025-13610

  • EPSS 0.16%
  • Veröffentlicht 15.12.2025 14:25:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RM_Forms' shortcode in all versions up to, and including, 6.0.6.7 due to...