Lucene search
K

455 matches found

Nuclei
Nuclei
added 5 hours ago23 views

RegistrationMagic <= 5.0.1.7 - Authentication Bypass

RegistrationMagic WordPress plugin versions = 5.0.1.7 contain an authentication bypass caused by missing identity validation in socialloginusingemail, letting unauthenticated users log in as any site user, exploit requires knowing a valid username. id: CVE-2021-4073 info: name: RegistrationMagic ...

9.8CVSS6.9AI score0.07EPSS
Exploits1References3
Nuclei
Nuclei
added 5 hours ago110 views

WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection

WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive...

7.2CVSS7.1AI score0.73293EPSS
Exploits6References5
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-12158

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...

8.8CVSS0.00205EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.35 views

CVE-2026-12158 RegistrationMagic <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation via 'rmc_assign_user_role_action' Parameter

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...

8.8CVSS0.00205EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 7:53 a.m.7 views

EUVD-2026-40924

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:53 a.m.6 views

CVE-2026-12158

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/30 7:50 p.m.5 views

WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation vulnerability

Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by ? in WordPress Plugin RegistrationMagic versions = 6.0.9.1...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/27 8:16 a.m.10 views

CVE-2026-9242

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS0.00232EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.41 views

CVE-2026-9242 RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS0.00232EPSS
Exploits0References14
CVE
CVE
added 2026/06/27 6:50 a.m.24 views

CVE-2026-9242

The CVE covers RegistrationMagic for WordPress (all versions up to 6.0.8.6) with an AUTHENTICATION BYPASS via forged PayPal IPN requests. The PayPal IPN callback is registered as a nopriv AJAX action with no authentication or nonce, and the handler writes attacker-controlled POST data (including ...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.7 views

CVE-2026-9242

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References15
EUVD
EUVD
added 2026/06/27 6:50 a.m.11 views

EUVD-2026-39949

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.16 views

PT-2026-53059

Name of the Vulnerable Software and Affected Versions RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login versions prior to 6.0.8.7 Description An authentication bypass exists due to insufficient verification of data authenticity. The PayPal IPN callback...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References20
NVD
NVD
added 2026/06/15 9:17 p.m.23 views

CVE-2026-49764

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

9.8CVSS0.004EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.13 views

EUVD-2026-36888

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

9.8CVSS5.2AI score0.004EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.50 views

CVE-2026-49764

CVE-2026-49764 concerns the WordPress plugin RegistrationMagic (≤ 6.0.8.6). The vulnerability is an unauthenticated broken authentication issue, exploitable over the network without user interaction. Affected component: RegistrationMagic core/plugin. Underlying impact per the metadata is high acr...

9.8CVSS5.2AI score0.004EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.31 views

CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

9.8CVSS0.004EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.7 views

CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

9.8CVSS5.2AI score0.004EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49512

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

9.8CVSS5.2AI score0.004EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/04 2:34 p.m.9 views

WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by James Paremain in WordPress Plugin RegistrationMagic versions = 6.0.8.6...

9.8CVSS5.5AI score0.004EPSS
Exploits0Affected Software1
Rows per page
Query Builder