Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, with AI-generated Chinese analysis, references, and POCs.

Vendor: metagauss

CVE IDTitleCVSSSeverityPublished
CVE-2025-14444 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment CWE-345 5.3 Medium2026-02-18
CVE-2026-1054 RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification CWE-862 5.3 Medium2026-01-28
CVE-2025-15403 RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order CWE-269 9.8 Critical2026-01-17
CVE-2025-13610 RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode CWE-79 6.4 Medium2025-12-15
CVE-2017-20208 RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection CWE-502 9.8 Critical2025-10-18
CVE-2025-11204 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection CWE-89 7.2 High2025-10-08
CVE-2025-2836 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-04-04
CVE-2024-10508 RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery CWE-230 9.8 Critical2024-11-09
CVE-2024-1991 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation CWE-862 8.8 High2024-04-09
CVE-2024-1990 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode CWE-89 8.8 High2024-04-09
CVE-2023-51509 WordPress RegistrationMagic Plugin <= 5.2.4.1 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2024-02-01
CVE-2023-50846 WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection CWE-89 7.6 High2023-12-28
CVE-2023-47645 WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352 4.3 Medium2023-11-30
CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change CWE-639 6.6 Medium2023-05-16
CVE-2023-2499 RegistrationMagic <= 5.2.1.0 - Authentication Bypass CWE-288 9.8 Critical2023-05-16

All 15 known CVE vulnerabilities affecting RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login with full Chinese analysis, references, and POCs where available.