444 matches found
RegistrationMagic <= 5.0.1.7 - Authentication Bypass
RegistrationMagic WordPress plugin versions = 5.0.1.7 contain an authentication bypass caused by missing identity validation in socialloginusingemail, letting unauthenticated users log in as any site user, exploit requires knowing a valid username. id: CVE-2021-4073 info: name: RegistrationMagic ...
WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection
WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive...
CVE-2026-49764
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
EUVD-2026-36888
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
CVE-2026-49764
CVE-2026-49764 concerns the WordPress plugin RegistrationMagic (≤ 6.0.8.6). The vulnerability is an unauthenticated broken authentication issue, exploitable over the network without user interaction. Affected component: RegistrationMagic core/plugin. Underlying impact per the metadata is high acr...
CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
PT-2026-49512
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by James Paremain in WordPress Plugin RegistrationMagic versions = 6.0.8.6...
VulnCheck KEV: CVE-2025-15403
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...
Exploit for CVE-2025-15403
CVE-2025-15403 RegistrationMagic = 6.0.7.1 - Unauthenticat...
CVE-2026-32498
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...
CVE-2026-32385
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...
EUVD-2026-15845
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...
EUVD-2026-15569
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...
CVE-2026-32498
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...
CVE-2026-24373
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...
CVE-2026-32498
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...
CVE-2026-32498 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...
CVE-2026-32498
CVE-2026-32498 is a Missing Authorization vulnerability in the RegistrationMagic plugin (RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login) affecting versions up to and including 6.0.7.6. The Wordfence report explicitly attributes the issue to broken access...